From: xroche Date: Fri, 7 Nov 2014 17:27:08 +0000 (+0100) Subject: Imported Upstream version 0.19.1 X-Git-Tag: upstream/0.19.1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=52d37d25b3c91512065df4956c17d84d7d59dde9;p=platform%2Fupstream%2Fp11-kit.git Imported Upstream version 0.19.1 --- diff --git a/ChangeLog b/ChangeLog index 56eb8a2..177157a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,132 +1,376 @@ # Generate automatically. Do not edit. -commit 86c0afcdb4329f54c8a7992b323611bdf3203ff0 -Author: Stef Walter -Date: 2013-06-24 +commit 4fd057258177f4f14bbe78c2d02d5a65eaf3f3dc +Author: Stef Walter +Date: 2013-05-27 - Release version 0.18.4 + Release version 0.19.1 - NEWS | 3 +++ - configure.ac | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) + NEWS | 11 +++++++++++ + configure.ac | 2 +- + 2 files changed, 12 insertions(+), 1 deletion(-) -commit 93f197792150ae2e2e3ffafb903dfab6854915cb -Author: Stef Walter -Date: 2013-06-17 +commit e98522ba9e92be79526eba9daee9f60aa30ad942 +Author: Stef Walter +Date: 2013-05-21 - trust: Move the extract-trust external placeholder command into trust/ + Mark p11_kit_message() as a stable function - .gitignore | 3 ++- - configure.ac | 2 +- - tools/Makefile.am | 4 ---- - tools/p11-kit-extract-trust.in | 26 -------------------------- - trust/Makefile.am | 4 ++++ - trust/p11-kit-extract-trust.in | 26 ++++++++++++++++++++++++++ - 6 files changed, 33 insertions(+), 32 deletions(-) + doc/manual/p11-kit-sections.txt | 2 +- + p11-kit/p11-kit.h | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) -commit 41d2a28b89af41799d01d5973d026712d9174f31 -Author: Stef Walter -Date: 2013-06-17 +commit 61a9cfa62972678f1cbbad7f4d1a814e9b7f05e2 +Author: Stef Walter +Date: 2013-05-21 - trust: Print out usage when extract-trust run incorrectly - - Also sorta covers --help and -h usage + Fix building of applications using CRYPTOKI_GNU style - tools/p11-kit-extract-trust.in | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) + p11-kit/p11-kit.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) -commit e32481727387460d5900d0bbb495d3694facf64b -Author: Stef Walter -Date: 2013-06-17 +commit 435843812ab7b85f97cfdc32ae9412f78242b950 +Author: Stef Walter +Date: 2013-05-21 - tools: Fix passing args to external commands - - There were various bugs passing arguments, with duplicates being - passed, as well as certain arguments being skipped.t + Bump the version for deprecated function documentation - tools/tool.c | 4 ++++ - 1 file changed, 4 insertions(+) + p11-kit/modules.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) -commit b6e065cda1db37a6c8ed52dac3432468e1277323 -Author: Stef Walter -Date: 2013-06-17 +commit 30830eb693ac2e89f28bb34459db6837031ca795 +Author: Stef Walter +Date: 2013-04-09 - tools: Only use our private path when looking for external commands - - Instead of looking for external commands in the path, just look - for them in our private directory. - - We want to be conservative early on, and limit what sorta things - we have to maintain later. We can later remove this restriction - if a real use case presents itself. + Fix up Makefile.am files for automake 1.13 warnings - tools/tool.c | 11 ++++------- - 1 file changed, 4 insertions(+), 7 deletions(-) + common/tests/Makefile.am | 4 ++-- + p11-kit/Makefile.am | 2 +- + p11-kit/tests/Makefile.am | 2 +- + tools/Makefile.am | 2 +- + tools/tests/Makefile.am | 2 +- + trust/Makefile.am | 2 +- + trust/tests/Makefile.am | 2 +- + 7 files changed, 8 insertions(+), 8 deletions(-) -commit 49e344cfa48d765ccc83a7313b1ba1c30252b84e -Author: Stef Walter -Date: 2013-06-05 +commit dcabaf1d56d410ba7ddb3dfbab9011bbbea5e6bc +Author: Stef Walter +Date: 2013-04-05 - Release version 0.18.3 + Our own unit testing framework + + * Support the TAP protocol + * Much cleaner without having to carry around state + * First class support for setup/teardown + * Port the common tests + * Wait on porting other tests until we've merged outstanding code + + build/Makefile.am | 8 - + build/Makefile.tests | 5 +- + build/cutest/CuTest.c | 329 ---------- + build/cutest/CuTest.h | 111 ---- + build/cutest/README.txt | 211 ------- + build/cutest/license.txt | 38 -- + common/Makefile.am | 5 +- + common/debug.h | 2 + + common/test.c | 261 ++++++++ + common/test.h | 131 ++++ + common/tests/Makefile.am | 3 +- + common/tests/test-array.c | 101 ++-- + common/tests/test-asn1.c | 53 +- + common/tests/test-attrs.c | 461 +++++++------- + common/tests/test-base64.c | 67 +-- + common/tests/test-buffer.c | 113 ++-- + common/tests/test-compat.c | 28 +- + common/tests/test-constants.c | 45 +- + common/tests/test-dict.c | 250 ++++---- + common/tests/test-hash.c | 74 +-- + common/tests/test-lexer.c | 126 ++-- + common/tests/test-oid.c | 45 +- + common/tests/test-path.c | 68 +-- + common/tests/test-pem.c | 76 +-- + common/tests/test-url.c | 93 ++- + common/tests/test-utf8.c | 60 +- + common/tests/test-x509.c | 106 ++-- + p11-kit/tests/Makefile.am | 14 +- + p11-kit/tests/conf-test.c | 428 ------------- + p11-kit/tests/pin-test.c | 325 ---------- + p11-kit/tests/progname-test.c | 98 --- + p11-kit/tests/test-conf.c | 414 +++++++++++++ + p11-kit/tests/test-deprecated.c | 187 +++--- + p11-kit/tests/test-init.c | 144 ++--- + p11-kit/tests/test-iter.c | 481 ++++++++------- + p11-kit/tests/test-log.c | 41 +- + p11-kit/tests/test-managed.c | 97 ++- + p11-kit/tests/test-mock.c | 1012 +++++++++++++++---------------- + p11-kit/tests/test-modules.c | 157 +++-- + p11-kit/tests/test-pin.c | 313 ++++++++++ + p11-kit/tests/test-progname.c | 86 +++ + p11-kit/tests/test-proxy.c | 75 +-- + p11-kit/tests/test-uri.c | 1245 ++++++++++++++++++++++++++++++++++++++ + p11-kit/tests/test-virtual.c | 70 +-- + p11-kit/tests/uri-test.c | 1258 --------------------------------------- + tools/tests/Makefile.am | 6 +- + tools/tests/test-extract.c | 221 +++---- + tools/tests/test-openssl.c | 186 +++--- + tools/tests/test-pem.c | 96 +-- + tools/tests/test-save.c | 329 +++++----- + tools/tests/test-tools.c | 216 +++++++ + tools/tests/test-tools.h | 260 ++++++++ + tools/tests/test-x509.c | 102 ++-- + tools/tests/test.c | 209 ------- + tools/tests/test.h | 260 -------- + trust/tests/Makefile.am | 5 +- + trust/tests/test-builder.c | 446 +++++--------- + trust/tests/test-data.c | 160 ----- + trust/tests/test-data.h | 273 --------- + trust/tests/test-index.c | 395 ++++++------ + trust/tests/test-module.c | 470 ++++++--------- + trust/tests/test-parser.c | 219 +++---- + trust/tests/test-persist.c | 155 +++-- + trust/tests/test-token.c | 93 +-- + trust/tests/test-trust.c | 152 +++++ + trust/tests/test-trust.h | 273 +++++++++ + 66 files changed, 6277 insertions(+), 7564 deletions(-) + +commit 7fd6d89d92b6f1b543bf2aa4b2e578201dad7147 +Author: Stef Walter +Date: 2013-04-06 + + Further reorganization of the core module tracking + + * Keep the module ownership apart from the tracking of module + function pointers, since these are only relevant for unmanaged + modules. + * Less assumptions that each module has a raw unmanaged module + function pointer. + * More clarity in the naming of dictionaries tracking the modules. + + p11-kit/modules.c | 349 +++++++++++++++++++++++++----------------------------- + 1 file changed, 161 insertions(+), 188 deletions(-) + +commit eb88be6c0b7ea39a74cd2aa8af33371de4aeb74c +Author: Stef Walter +Date: 2013-04-07 + + Pull the argv parsing code into its own file + + So it can be used from multiple code paths + + common/Makefile.am | 1 + + common/argv.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + common/argv.h | 44 ++++++++++++++++++++ + trust/module.c | 78 ++---------------------------------- + 4 files changed, 164 insertions(+), 74 deletions(-) + +commit 7b848defc704cc1fbb47a16b23727583c14b804d +Author: Stef Walter +Date: 2013-04-06 + + Support /xxx/yyy as an absolute path with Win32 + + Because win32 code doesn't just run on windows, wine runs + with unix style paths. + + common/path.c | 8 ++++---- + common/tests/test-path.c | 2 +- + 2 files changed, 5 insertions(+), 5 deletions(-) + +commit 10d26767fa39f43b0aabb82d73ed88b2c2522397 +Author: Stef Walter +Date: 2013-05-21 + + Bump the version number to unstable - NEWS | 5 +++++ configure.ac | 2 +- - 2 files changed, 6 insertions(+), 1 deletion(-) + 1 file changed, 1 insertion(+), 1 deletion(-) -commit 1b61494bb10866841e52956a2b65b75259f64e3c +commit b73f4ef126bdead47262e29e47d159a89984d65f Author: Stef Walter -Date: 2013-06-05 +Date: 2013-02-19 - trust: Fix crash when C_Initialize args are NULL + Add the log-calls module config option - https://bugs.freedesktop.org/show_bug.cgi?id=65401 + If 'log-calls = yes' is set then all the PKCS#11 modules are logged + to stderr. - trust/module.c | 5 ++++- - trust/tests/test-module.c | 18 ++++++++++++++++++ - 2 files changed, 22 insertions(+), 1 deletion(-) + common/attrs.c | 22 +- + common/attrs.h | 9 + + common/constants.c | 350 ++++++- + common/constants.h | 8 + + common/tests/test-constants.c | 18 +- + doc/manual/Makefile.am | 1 + + doc/manual/p11-kit-sharing.xml | 5 + + doc/manual/pkcs11.conf.xml | 19 + + p11-kit/Makefile.am | 1 + + p11-kit/log.c | 2022 ++++++++++++++++++++++++++++++++++++++++ + p11-kit/log.h | 53 ++ + p11-kit/modules.c | 44 +- + p11-kit/tests/Makefile.am | 1 + + p11-kit/tests/test-log.c | 125 +++ + p11-kit/tests/test-mock.c | 4 +- + 15 files changed, 2646 insertions(+), 36 deletions(-) -commit 3dc38f294af5bbe1939d38ec9b3fcd699f97c8ce +commit a14ff781ebf231daa99990fd65c2312f26db93a8 Author: Stef Walter -Date: 2013-06-05 +Date: 2013-02-19 - trust: Fix reinitialization of trust module - - Track number of C_Initialize calls, and require similar number - of C_Finalize calls to finalize. - - This fixes leaks/disappearing sessions in the trust module. + Manage C_CloseAllSessions function for multiple callers - https://bugs.freedesktop.org/show_bug.cgi?id=65401 + Make C_CloseAllSessions work for different callers. Track the sessions + that each caller opens and close just those when C_CloseAllSessiosn is + called. - trust/module.c | 25 +++++++++++++--- - trust/tests/frob-multi-init.c | 69 +++++++++++++++++++++++++++++++++++++++++++ - trust/tests/test-module.c | 49 ++++++++++++++++++++++++++++++ - 3 files changed, 139 insertions(+), 4 deletions(-) + common/mock.c | 2 +- + doc/manual/p11-kit-sharing.xml | 6 ++ + p11-kit/modules.c | 202 ++++++++++++++++++++++++++++++++++++++++- + p11-kit/tests/test-init.c | 9 +- + p11-kit/tests/test-managed.c | 64 ++++++++++++- + 5 files changed, 275 insertions(+), 8 deletions(-) -commit cf91dc6975424e3ba3971e4496e91036e97419e5 -Author: manphiz@gmail.com -Date: 2013-04-24 +commit 0cb1132469c1e13be64f85cd6566e6617bfe32cc +Author: Stef Walter +Date: 2013-02-15 - Fix uninitialized p11_library_once + Update the proxy module to use managed PKCS#11 modules + + Each time C_GetFunctionList is called on the proxy module, a new + managed PKCS#11 set of functions is returned. These are all cleaned + up when the module is unloaded. - https://bugs.freedesktop.org/show_bug.cgi?id=57714 + We want the proxy module to continue to work even without the highly + recommended libffi. For that reason we still keep the old behavior of + sharing state in the proxy module. - common/library.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + common/mock.c | 9 - + common/mock.h | 11 + + doc/manual/Makefile.am | 1 + + p11-kit/Makefile.am | 2 +- + p11-kit/modules.c | 5 +- + p11-kit/private.h | 4 - + p11-kit/proxy.c | 1465 +++++++++++++++++++++++++++++++++++++------- + p11-kit/proxy.h | 45 ++ + p11-kit/tests/test-mock.c | 26 +- + p11-kit/tests/test-proxy.c | 116 +++- + p11-kit/util.c | 3 + + 11 files changed, 1422 insertions(+), 265 deletions(-) -commit f358242f0068b280c1478075617288095dd95adc +commit 5c19f0cf66495f00ccf69eba1d0915f862a88c8d Author: Stef Walter -Date: 2013-04-05 +Date: 2013-02-06 - Force Mac OS shared library extension to .so - - Darwin and libtool seem confused about what shared library - extension they actually use. + p11-kit: Managed PKCS#11 module loading + + Support a new managed style module loading for PKCS#11 modules. This + allows us to better coordinate between multiple callers of the same + PKCS#11 modules and provide hooks into their behavior. + + This meant redoing the public facing API. The old methods are now + deprecated, marked and documented as such. + + common/compat.c | 6 + + common/compat.h | 4 +- + common/mock.c | 63 +- + common/mock.h | 6 +- + doc/manual/Makefile.am | 2 + + doc/manual/p11-kit-docs.xml | 2 + + doc/manual/p11-kit-proxy.xml | 29 + + doc/manual/p11-kit-sections.txt | 39 +- + doc/manual/p11-kit-sharing.xml | 94 +- + doc/manual/pkcs11.conf.xml | 24 + + gtk-doc.make | 2 +- + p11-kit/Makefile.am | 7 +- + p11-kit/deprecated.h | 97 ++ + p11-kit/docs.h | 38 + + p11-kit/modules.c | 1498 ++++++++++++++++++++---- + p11-kit/modules.h | 51 + + p11-kit/p11-kit.h | 63 +- + p11-kit/private.h | 6 - + p11-kit/proxy.c | 231 ++-- + p11-kit/tests/Makefile.am | 10 +- + p11-kit/tests/files/system-pkcs11.conf | 5 +- + p11-kit/tests/files/user-modules/one.module | 3 +- + p11-kit/tests/test-deprecated.c | 521 +++++++++ + p11-kit/tests/test-init.c | 176 ++- + p11-kit/tests/test-iter.c | 72 +- + p11-kit/tests/test-managed.c | 168 +++ + p11-kit/tests/test-mock.c | 1687 +++++++++++++++++++++++++++ + p11-kit/tests/test-modules.c | 124 +- + p11-kit/tests/test-proxy.c | 94 ++ + tools/extract.c | 15 +- + tools/list.c | 16 +- + tools/tests/test-extract.c | 7 +- + tools/tests/test-openssl.c | 9 +- + tools/tests/test-pem.c | 9 +- + tools/tests/test-x509.c | 9 +- + trust/tests/frob-nss-trust.c | 25 +- + 36 files changed, 4660 insertions(+), 552 deletions(-) + +commit ff853bd7902e271256cada4a1b20a3d46b519b69 +Author: Stef Walter +Date: 2013-01-10 + + Use libffi to implement mixins for managed code + + * This allows us to call into subclassed PKCS#11 modules as if + they were plain old PKCS#11 modules + * libffi is an optional dependency + + configure.ac | 31 + + doc/manual/Makefile.am | 5 +- + doc/manual/p11-kit-devel.xml | 3 + + p11-kit/Makefile.am | 7 +- + p11-kit/tests/Makefile.am | 7 + + p11-kit/tests/test-virtual.c | 183 +++ + p11-kit/virtual.c | 2964 ++++++++++++++++++++++++++++++++++++++++++ + p11-kit/virtual.h | 68 + + 8 files changed, 3265 insertions(+), 3 deletions(-) + +commit a7af75a31010109529a9edddc825538884f326ca +Author: Stef Walter +Date: 2013-02-14 + + Add subclassable CK_X_FUNCTION_LIST + + One of the flaws in PKCS#11 for our usage is that each PKCS#11 module + is not passed the pointer to the function list, ie: the vtable + + Here we define a new function list vtable, where each PKCS#11 function + takes the vtable itself as the first argument. We use this new + list internally to represent subclassable PKCS#11 modules for + various features. + + common/mock.c | 757 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- + common/mock.h | 370 ++++++++++++++++++++++++++- + common/pkcs11x.h | 438 ++++++++++++++++++++++++++++++++ + 3 files changed, 1561 insertions(+), 4 deletions(-) + +commit 06a84bafc7c5f0ac92883e9219a7c00f456df39c +Author: Stef Walter +Date: 2013-05-15 + + Fail early when running automaint.sh + + automaint.sh | 2 ++ + 1 file changed, 2 insertions(+) + +commit de8b99e2f04f94313a7748adedf7535603013951 +Author: Stef Walter +Date: 2013-05-15 + + Implement valgrind's hellgrind checks for threading problems - https://bugs.freedesktop.org/show_bug.cgi?id=57714 + And cleanup our locks/locking model. There's no need to use + recursive locks, especially since we can't use them on all + platforms. In addition adjust taking of locks during initialization + so that there's no chance of deadlocking here. - configure.ac | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) + automaint.sh | 2 +- + build/Makefile.decl | 5 +++++ + build/Makefile.tests | 5 +++++ + common/compat.c | 2 +- + p11-kit/modules.c | 2 +- + 5 files changed, 13 insertions(+), 3 deletions(-) commit 4bd7eda265b94dfcb9a1db4aba756e1e05dd4f87 Author: Stef Walter diff --git a/INSTALL b/INSTALL index 007e939..6e90e07 100644 --- a/INSTALL +++ b/INSTALL @@ -1,7 +1,7 @@ Installation Instructions ************************* -Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation, +Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, diff --git a/Makefile.in b/Makefile.in index a39e70a..702bcae 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,51 +14,23 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -249,6 +221,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -455,12 +429,13 @@ distclean-libtool: # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ @@ -873,6 +848,11 @@ leakcheck: test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \ done +hellcheck: + @for dir in $(SUBDIRS); do \ + test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \ + done + dist-hook: @if test -d "$(srcdir)/.git"; \ then \ diff --git a/NEWS b/NEWS index 9eee0d2..f7aa050 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,13 @@ -0.18.4 (stable) - * Cleanup related to external p11-kit tool commands - -0.18.3 (stable) - * Fix reinitialization of trust module [#65401] - * Fix crash in trust module C_Initialize - * Mac OS fixes [#57714] +0.19.0 (unstable) + * Refactor API to be able to handle managed modules + * Deprecate much of old p11-kit API + * Implement concept of managed modules + * Make C_CloseAllSessions function work for multiple callers + * New dependency on libffi + * Fix possible threading problems reported by hellgrind + * Add log-calls option + * Mark p11_kit_message() as a stable function + * Use our own unit testing framework 0.18.2 (stable) * Build fixes [#64378 ...] diff --git a/aclocal.m4 b/aclocal.m4 index 84f8019..73c7bf7 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.13.4 -*- Autoconf -*- +# generated automatically by aclocal 1.13.1 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2012 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -292,7 +292,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.13' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.13.4], [], +m4_if([$1], [1.13.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -308,7 +308,7 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.13.4])dnl +[AM_AUTOMAKE_VERSION([1.13.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) @@ -630,7 +630,7 @@ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue + test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the @@ -1250,114 +1250,76 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar -# AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) - -# We'll loop over all known methods to create a tar archive until one works. +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + [m4_case([$1], [ustar],, [pax],, + [m4_fatal([Unknown tar format])]) +AC_MSG_CHECKING([how to create a $1 tar archive]) +# Loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' +_am_tools=${am_cv_prog_tar_$1-$_am_tools} +# Do not fold the above two line into one, because Tru64 sh and +# Solaris sh will not grok spaces in the rhs of '-'. +for _am_tool in $_am_tools +do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; + do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac -m4_if([$1], [v7], - [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], - - [m4_case([$1], - [ustar], - [# The POSIX 1988 'ustar' format is defined with fixed-size fields. - # There is notably a 21 bits limit for the UID and the GID. In fact, - # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 - # and bug#13588). - am_max_uid=2097151 # 2^21 - 1 - am_max_gid=$am_max_uid - # The $UID and $GID variables are not portable, so we need to resort - # to the POSIX-mandated id(1) utility. Errors in the 'id' calls - # below are definitely unexpected, so allow the users to see them - # (that is, avoid stderr redirection). - am_uid=`id -u || echo unknown` - am_gid=`id -g || echo unknown` - AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) - if test $am_uid -le $am_max_uid; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - _am_tools=none - fi - AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) - if test $am_gid -le $am_max_gid; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - _am_tools=none - fi], - - [pax], - [], - - [m4_fatal([Unknown tar format])]) - - AC_MSG_CHECKING([how to create a $1 tar archive]) - - # Go ahead even if we have the value already cached. We do so because we - # need to set the values for the 'am__tar' and 'am__untar' variables. - _am_tools=${am_cv_prog_tar_$1-$_am_tools} - - for _am_tool in $_am_tools; do - case $_am_tool in - gnutar) - for _am_tar in tar gnutar gtar; do - AM_RUN_LOG([$_am_tar --version]) && break - done - am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' - am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' - am__untar="$_am_tar -xf -" - ;; - plaintar) - # Must skip GNU tar: if it does not support --format= it doesn't create - # ustar tarball either. - (tar --version) >/dev/null 2>&1 && continue - am__tar='tar chf - "$$tardir"' - am__tar_='tar chf - "$tardir"' - am__untar='tar xf -' - ;; - pax) - am__tar='pax -L -x $1 -w "$$tardir"' - am__tar_='pax -L -x $1 -w "$tardir"' - am__untar='pax -r' - ;; - cpio) - am__tar='find "$$tardir" -print | cpio -o -H $1 -L' - am__tar_='find "$tardir" -print | cpio -o -H $1 -L' - am__untar='cpio -i -H $1 -d' - ;; - none) - am__tar=false - am__tar_=false - am__untar=false - ;; - esac + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break - # If the value was cached, stop now. We just wanted to have am__tar - # and am__untar set. - test -n "${am_cv_prog_tar_$1}" && break - - # tar/untar a dummy directory, and stop if the command works. - rm -rf conftest.dir - mkdir conftest.dir - echo GrepMe > conftest.dir/file - AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) - rm -rf conftest.dir - if test -s conftest.tar; then - AM_RUN_LOG([$am__untar /dev/null 2>&1 && break - fi - done + # tar/untar a dummy directory, and stop if the command works rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi +done +rm -rf conftest.dir - AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) - AC_MSG_RESULT([$am_cv_prog_tar_$1])]) - +AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) +AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR diff --git a/build/Makefile.am b/build/Makefile.am index 6f80eab..11337b1 100644 --- a/build/Makefile.am +++ b/build/Makefile.am @@ -2,16 +2,8 @@ SUBDIRS = certs EXTRA_DIST = \ - cutest \ Makefile.tests -noinst_LTLIBRARIES = \ - libcutest.la - -libcutest_la_SOURCES = \ - cutest/CuTest.c \ - cutest/CuTest.h - memcheck: leakcheck: diff --git a/build/Makefile.decl b/build/Makefile.decl index c90c22b..8dca4e7 100644 --- a/build/Makefile.decl +++ b/build/Makefile.decl @@ -9,3 +9,8 @@ leakcheck: @for dir in $(SUBDIRS); do \ test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \ done + +hellcheck: + @for dir in $(SUBDIRS); do \ + test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \ + done diff --git a/build/Makefile.in b/build/Makefile.in index bf8b3ea..5e0bfac 100644 --- a/build/Makefile.in +++ b/build/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -13,53 +13,24 @@ # PARTICULAR PURPOSE. @SET_MAKE@ - VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -79,8 +50,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = build -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \ $(top_srcdir)/build/m4/iconv.m4 \ @@ -100,14 +70,6 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -LTLIBRARIES = $(noinst_LTLIBRARIES) -libcutest_la_LIBADD = -am_libcutest_la_OBJECTS = CuTest.lo -libcutest_la_OBJECTS = $(am_libcutest_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -120,30 +82,8 @@ AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libcutest_la_SOURCES) -DIST_SOURCES = $(libcutest_la_SOURCES) +SOURCES = +DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ @@ -257,6 +197,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -371,20 +313,11 @@ top_srcdir = @top_srcdir@ with_trust_paths = @with_trust_paths@ SUBDIRS = certs EXTRA_DIST = \ - cutest \ Makefile.tests -noinst_LTLIBRARIES = \ - libcutest.la - -libcutest_la_SOURCES = \ - cutest/CuTest.c \ - cutest/CuTest.h - all: all-recursive .SUFFIXES: -.SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -416,56 +349,6 @@ $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -clean-noinstLTLIBRARIES: - -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) - @list='$(noinst_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libcutest.la: $(libcutest_la_OBJECTS) $(libcutest_la_DEPENDENCIES) $(EXTRA_libcutest_la_DEPENDENCIES) - $(AM_V_CCLD)$(LINK) $(libcutest_la_OBJECTS) $(libcutest_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/CuTest.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -CuTest.lo: cutest/CuTest.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT CuTest.lo -MD -MP -MF $(DEPDIR)/CuTest.Tpo -c -o CuTest.lo `test -f 'cutest/CuTest.c' || echo '$(srcdir)/'`cutest/CuTest.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/CuTest.Tpo $(DEPDIR)/CuTest.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='cutest/CuTest.c' object='CuTest.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o CuTest.lo `test -f 'cutest/CuTest.c' || echo '$(srcdir)/'`cutest/CuTest.c - mostlyclean-libtool: -rm -f *.lo @@ -479,12 +362,13 @@ clean-libtool: # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ @@ -628,7 +512,7 @@ distdir: $(DISTFILES) done check-am: all-am check: check-recursive -all-am: Makefile $(LTLIBRARIES) +all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive @@ -663,14 +547,11 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive -clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ - mostlyclean-am +clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags +distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive @@ -713,14 +594,12 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool +mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive @@ -735,9 +614,8 @@ uninstall-am: .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ - check-am clean clean-generic clean-libtool \ - clean-noinstLTLIBRARIES cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-libtool \ + check-am clean clean-generic clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ @@ -745,9 +623,8 @@ uninstall-am: install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ - mostlyclean mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am memcheck: diff --git a/build/Makefile.tests b/build/Makefile.tests index 3faa7f3..429f5fe 100644 --- a/build/Makefile.tests +++ b/build/Makefile.tests @@ -1,19 +1,21 @@ NULL = -CUTEST_CFLAGS = \ - -I$(top_srcdir)/build/cutest \ +TEST_CFLAGS = \ -DSRCDIR=\"$(abs_srcdir)\" \ -DBUILDDIR=\"$(abs_builddir)\" \ -DP11_KIT_FUTURE_UNSTABLE_API -CUTEST_LIBS = $(top_builddir)/build/libcutest.la - MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet --trace-children=yes LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes +HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind + memcheck: all make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(MEMCHECK_ENV)" check-TESTS leakcheck: all make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS + +hellcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS diff --git a/build/certs/Makefile.in b/build/certs/Makefile.in index e584632..37ad9a6 100644 --- a/build/certs/Makefile.in +++ b/build/certs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -18,51 +18,23 @@ # We copy everything into its final location, and those test files are # distributed in the tarballs VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -169,6 +141,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ diff --git a/build/cutest/CuTest.c b/build/cutest/CuTest.c deleted file mode 100644 index b033483..0000000 --- a/build/cutest/CuTest.c +++ /dev/null @@ -1,329 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include "CuTest.h" - -/*-------------------------------------------------------------------------* - * CuStr - *-------------------------------------------------------------------------*/ - -char* CuStrAlloc(int size) -{ - char* newStr = (char*) malloc( sizeof(char) * (size) ); - return newStr; -} - -char* CuStrCopy(const char* old) -{ - int len = strlen(old); - char* newStr = CuStrAlloc(len + 1); - strcpy(newStr, old); - return newStr; -} - -/*-------------------------------------------------------------------------* - * CuString - *-------------------------------------------------------------------------*/ - -void CuStringInit(CuString* str) -{ - str->length = 0; - str->size = STRING_MAX; - str->buffer = (char*) malloc(sizeof(char) * str->size); - str->buffer[0] = '\0'; -} - -CuString* CuStringNew(void) -{ - CuString* str = (CuString*) malloc(sizeof(CuString)); - str->length = 0; - str->size = STRING_MAX; - str->buffer = (char*) malloc(sizeof(char) * str->size); - str->buffer[0] = '\0'; - return str; -} - -void CuStringDelete(CuString *str) -{ - if (!str) return; - free(str->buffer); - free(str); -} - -void CuStringResize(CuString* str, int newSize) -{ - str->buffer = (char*) realloc(str->buffer, sizeof(char) * newSize); - str->size = newSize; -} - -void CuStringAppend(CuString* str, const char* text) -{ - int length; - - if (text == NULL) { - text = "NULL"; - } - - length = strlen(text); - if (str->length + length + 1 >= str->size) - CuStringResize(str, str->length + length + 1 + STRING_INC); - str->length += length; - strcat(str->buffer, text); -} - -void CuStringAppendChar(CuString* str, char ch) -{ - char text[2]; - text[0] = ch; - text[1] = '\0'; - CuStringAppend(str, text); -} - -void CuStringAppendFormat(CuString* str, const char* format, ...) -{ - va_list argp; - char buf[HUGE_STRING_LEN]; - va_start(argp, format); - vsprintf(buf, format, argp); - va_end(argp); - CuStringAppend(str, buf); -} - -void CuStringInsert(CuString* str, const char* text, int pos) -{ - int length = strlen(text); - if (pos > str->length) - pos = str->length; - if (str->length + length + 1 >= str->size) - CuStringResize(str, str->length + length + 1 + STRING_INC); - memmove(str->buffer + pos + length, str->buffer + pos, (str->length - pos) + 1); - str->length += length; - memcpy(str->buffer + pos, text, length); -} - -/*-------------------------------------------------------------------------* - * CuTest - *-------------------------------------------------------------------------*/ - -void CuTestInit(CuTest* t, const char* name, TestFunction function) -{ - t->name = CuStrCopy(name); - t->failed = 0; - t->ran = 0; - t->message = NULL; - t->function = function; - t->jumpBuf = NULL; -} - -CuTest* CuTestNew(const char* name, TestFunction function) -{ - CuTest* tc = CU_ALLOC(CuTest); - CuTestInit(tc, name, function); - return tc; -} - -void CuTestDelete(CuTest *t) -{ - if (!t) return; - free(t->name); - free(t); -} - -void CuTestRun(CuTest* tc) -{ - jmp_buf buf; - tc->jumpBuf = &buf; - if (setjmp(buf) == 0) - { - tc->ran = 1; - (tc->function)(tc); - } - tc->jumpBuf = 0; -} - -static void CuFailInternal(CuTest* tc, const char* file, int line, CuString* string) -{ - char buf[HUGE_STRING_LEN]; - - sprintf(buf, "%s:%d: ", file, line); - CuStringInsert(string, buf, 0); - - tc->failed = 1; - tc->message = string->buffer; - if (tc->jumpBuf != 0) longjmp(*(tc->jumpBuf), 0); -} - -void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message) -{ - CuString string; - - CuStringInit(&string); - if (message2 != NULL) - { - CuStringAppend(&string, message2); - CuStringAppend(&string, ": "); - } - CuStringAppend(&string, message); - CuFailInternal(tc, file, line, &string); -} - -void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition) -{ - if (condition) return; - CuFail_Line(tc, file, line, NULL, message); -} - -void CuAssertStrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - const char* expected, const char* actual) -{ - CuString string; - if ((expected == NULL && actual == NULL) || - (expected != NULL && actual != NULL && - strcmp(expected, actual) == 0)) - { - return; - } - - CuStringInit(&string); - if (message != NULL) - { - CuStringAppend(&string, message); - CuStringAppend(&string, ": "); - } - CuStringAppend(&string, "expected <"); - CuStringAppend(&string, expected); - CuStringAppend(&string, "> but was <"); - CuStringAppend(&string, actual); - CuStringAppend(&string, ">"); - CuFailInternal(tc, file, line, &string); -} - -void CuAssertIntEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - int expected, int actual) -{ - char buf[STRING_MAX]; - if (expected == actual) return; - sprintf(buf, "expected <%d> but was <%d>", expected, actual); - CuFail_Line(tc, file, line, message, buf); -} - -void CuAssertPtrEquals_LineMsg(CuTest* tc, const char* file, int line, const char* message, - void* expected, void* actual) -{ - char buf[STRING_MAX]; - if (expected == actual) return; - sprintf(buf, "expected pointer <0x%p> but was <0x%p>", expected, actual); - CuFail_Line(tc, file, line, message, buf); -} - - -/*-------------------------------------------------------------------------* - * CuSuite - *-------------------------------------------------------------------------*/ - -void CuSuiteInit(CuSuite* testSuite) -{ - testSuite->count = 0; - testSuite->failCount = 0; - memset(testSuite->list, 0, sizeof(testSuite->list)); -} - -CuSuite* CuSuiteNew(void) -{ - CuSuite* testSuite = CU_ALLOC(CuSuite); - CuSuiteInit(testSuite); - return testSuite; -} - -void CuSuiteDelete(CuSuite *testSuite) -{ - unsigned int n; - for (n=0; n < MAX_TEST_CASES; n++) - { - if (testSuite->list[n]) - { - CuTestDelete(testSuite->list[n]); - } - } - free(testSuite); - -} - -void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase) -{ - assert(testSuite->count < MAX_TEST_CASES); - testSuite->list[testSuite->count] = testCase; - testSuite->count++; -} - -void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2) -{ - int i; - for (i = 0 ; i < testSuite2->count ; ++i) - { - CuTest* testCase = testSuite2->list[i]; - CuSuiteAdd(testSuite, testCase); - } -} - -void CuSuiteRun(CuSuite* testSuite) -{ - int i; - for (i = 0 ; i < testSuite->count ; ++i) - { - CuTest* testCase = testSuite->list[i]; - CuTestRun(testCase); - if (testCase->failed) { testSuite->failCount += 1; } - } -} - -void CuSuiteSummary(CuSuite* testSuite, CuString* summary) -{ - int i; - for (i = 0 ; i < testSuite->count ; ++i) - { - CuTest* testCase = testSuite->list[i]; - CuStringAppend(summary, testCase->failed ? "F" : "."); - } - CuStringAppend(summary, "\n\n"); -} - -void CuSuiteDetails(CuSuite* testSuite, CuString* details) -{ - int i; - int failCount = 0; - - if (testSuite->failCount == 0) - { - int passCount = testSuite->count - testSuite->failCount; - const char* testWord = passCount == 1 ? "test" : "tests"; - CuStringAppendFormat(details, "OK (%d %s)\n", passCount, testWord); - } - else - { - if (testSuite->failCount == 1) - CuStringAppend(details, "There was 1 failure:\n"); - else - CuStringAppendFormat(details, "There were %d failures:\n", testSuite->failCount); - - for (i = 0 ; i < testSuite->count ; ++i) - { - CuTest* testCase = testSuite->list[i]; - if (testCase->failed) - { - failCount++; - CuStringAppendFormat(details, "%d) %s: %s\n", - failCount, testCase->name, testCase->message); - } - } - CuStringAppend(details, "\n!!!FAILURES!!!\n"); - - CuStringAppendFormat(details, "Runs: %d ", testSuite->count); - CuStringAppendFormat(details, "Passes: %d ", testSuite->count - testSuite->failCount); - CuStringAppendFormat(details, "Fails: %d\n", testSuite->failCount); - } -} diff --git a/build/cutest/CuTest.h b/build/cutest/CuTest.h deleted file mode 100644 index b82d05b..0000000 --- a/build/cutest/CuTest.h +++ /dev/null @@ -1,111 +0,0 @@ -#ifndef CU_TEST_H -#define CU_TEST_H - -#include -#include - -#define CUTEST_VERSION "CuTest 1.5" - -/* CuString */ - -char* CuStrAlloc(int size); -char* CuStrCopy(const char* old); - -#define CU_ALLOC(TYPE) ((TYPE*) malloc(sizeof(TYPE))) - -#define HUGE_STRING_LEN 8192 -#define STRING_MAX 256 -#define STRING_INC 256 - -typedef struct -{ - int length; - int size; - char* buffer; -} CuString; - -void CuStringInit(CuString* str); -CuString* CuStringNew(void); -void CuStringRead(CuString* str, const char* path); -void CuStringAppend(CuString* str, const char* text); -void CuStringAppendChar(CuString* str, char ch); -void CuStringAppendFormat(CuString* str, const char* format, ...); -void CuStringInsert(CuString* str, const char* text, int pos); -void CuStringResize(CuString* str, int newSize); -void CuStringDelete(CuString* str); - -/* CuTest */ - -typedef struct CuTest CuTest; - -typedef void (*TestFunction)(CuTest *); - -struct CuTest -{ - char* name; - TestFunction function; - int failed; - int ran; - const char* message; - jmp_buf *jumpBuf; -}; - -void CuTestInit(CuTest* t, const char* name, TestFunction function); -CuTest* CuTestNew(const char* name, TestFunction function); -void CuTestRun(CuTest* tc); -void CuTestDelete(CuTest *t); - -/* Internal versions of assert functions -- use the public versions */ -void CuFail_Line(CuTest* tc, const char* file, int line, const char* message2, const char* message); -void CuAssert_Line(CuTest* tc, const char* file, int line, const char* message, int condition); -void CuAssertStrEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - const char* expected, const char* actual); -void CuAssertIntEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - int expected, int actual); -void CuAssertPtrEquals_LineMsg(CuTest* tc, - const char* file, int line, const char* message, - void* expected, void* actual); - -/* public assert functions */ - -#define CuFail(tc, ms) CuFail_Line( (tc), __FILE__, __LINE__, NULL, (ms)) -#define CuAssert(tc, ms, cond) CuAssert_Line((tc), __FILE__, __LINE__, (ms), (cond)) -#define CuAssertTrue(tc, cond) CuAssert_Line((tc), __FILE__, __LINE__, "assert failed", (cond)) - -#define CuAssertStrEquals(tc,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) -#define CuAssertStrEquals_Msg(tc,ms,ex,ac) CuAssertStrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) -#define CuAssertIntEquals(tc,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) -#define CuAssertIntEquals_Msg(tc,ms,ex,ac) CuAssertIntEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) -#define CuAssertPtrEquals(tc,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,NULL,(ex),(ac)) -#define CuAssertPtrEquals_Msg(tc,ms,ex,ac) CuAssertPtrEquals_LineMsg((tc),__FILE__,__LINE__,(ms),(ex),(ac)) - -#define CuAssertPtrNotNull(tc,p) CuAssert_Line((tc),__FILE__,__LINE__,"null pointer unexpected",(p != NULL)) -#define CuAssertPtrNotNullMsg(tc,msg,p) CuAssert_Line((tc),__FILE__,__LINE__,(msg),(p != NULL)) - -/* CuSuite */ - -#define MAX_TEST_CASES 1024 - -#define SUITE_ADD_TEST(SUITE,TEST) CuSuiteAdd(SUITE, CuTestNew(#TEST, TEST)) - -typedef struct -{ - int count; - CuTest* list[MAX_TEST_CASES]; - int failCount; - -} CuSuite; - - -void CuSuiteInit(CuSuite* testSuite); -CuSuite* CuSuiteNew(void); -void CuSuiteDelete(CuSuite *testSuite); -void CuSuiteAdd(CuSuite* testSuite, CuTest *testCase); -void CuSuiteAddSuite(CuSuite* testSuite, CuSuite* testSuite2); -void CuSuiteRun(CuSuite* testSuite); -void CuSuiteSummary(CuSuite* testSuite, CuString* summary); -void CuSuiteDetails(CuSuite* testSuite, CuString* details); - -#endif /* CU_TEST_H */ diff --git a/build/cutest/README.txt b/build/cutest/README.txt deleted file mode 100644 index 96e8853..0000000 --- a/build/cutest/README.txt +++ /dev/null @@ -1,211 +0,0 @@ -HOW TO USE - -You can use CuTest to create unit tests to drive your development -in the style of Extreme Programming. You can also add unit tests to -existing code to ensure that it works as you suspect. - -Your unit tests are an investment. They let you to change your -code and add new features confidently without worrying about -accidentally breaking earlier features. - - -LICENSING - -For details on licensing see license.txt. - - -GETTING STARTED - -To add unit testing to your C code the only files you need are -CuTest.c and CuTest.h. - -CuTestTest.c and AllTests.c have been included to provide an -example of how to write unit tests and then how to aggregate them -into suites and into a single AllTests.c file. Suites allow you -to put group tests into logical sets. AllTests.c combines all the -suites and runs them. - -You should not have to look inside CuTest.c. Looking in -CuTestTest.c and AllTests.c (for example usage) should be -sufficient. - -After downloading the sources, run your compiler to create an -executable called AllTests.exe. For example, if you are using -Windows with the cl.exe compiler you would type: - - cl.exe AllTests.c CuTest.c CuTestTest.c - AllTests.exe - -This will run all the unit tests associated with CuTest and print -the output on the console. You can replace cl.exe with gcc or -your favorite compiler in the command above. - - -DETAILED EXAMPLE - -Here is a more detailed example. We will work through a simple -test first exercise. The goal is to create a library of string -utilities. First, lets write a function that converts a -null-terminated string to all upper case. - -Ensure that CuTest.c and CuTest.h are accessible from your C -project. Next, create a file called StrUtil.c with these -contents: - - #include "CuTest.h" - - char* StrToUpper(char* str) { - return str; - } - - void TestStrToUpper(CuTest *tc) { - char* input = strdup("hello world"); - char* actual = StrToUpper(input); - char* expected = "HELLO WORLD"; - CuAssertStrEquals(tc, expected, actual); - } - - CuSuite* StrUtilGetSuite() { - CuSuite* suite = CuSuiteNew(); - SUITE_ADD_TEST(suite, TestStrToUpper); - return suite; - } - -Create another file called AllTests.c with these contents: - - #include "CuTest.h" - - CuSuite* StrUtilGetSuite(); - - void RunAllTests(void) { - CuString *output = CuStringNew(); - CuSuite* suite = CuSuiteNew(); - - CuSuiteAddSuite(suite, StrUtilGetSuite()); - - CuSuiteRun(suite); - CuSuiteSummary(suite, output); - CuSuiteDetails(suite, output); - printf("%s\n", output->buffer); - } - - int main(void) { - RunAllTests(); - } - -Then type this on the command line: - - gcc AllTests.c CuTest.c StrUtil.c - -to compile. You can replace gcc with your favorite compiler. -CuTest should be portable enough to handle all Windows and Unix -compilers. Then to run the tests type: - - a.out - -This will print an error because we haven't implemented the -StrToUpper function correctly. We are just returning the string -without changing it to upper case. - - char* StrToUpper(char* str) { - return str; - } - -Rewrite this as follows: - - char* StrToUpper(char* str) { - char* p; - for (p = str ; *p ; ++p) *p = toupper(*p); - return str; - } - -Recompile and run the tests again. The test should pass this -time. - - -WHAT TO DO NEXT - -At this point you might want to write more tests for the -StrToUpper function. Here are some ideas: - -TestStrToUpper_EmptyString : pass in "" -TestStrToUpper_UpperCase : pass in "HELLO WORLD" -TestStrToUpper_MixedCase : pass in "HELLO world" -TestStrToUpper_Numbers : pass in "1234 hello" - -As you write each one of these tests add it to StrUtilGetSuite -function. If you don't the tests won't be run. Later as you write -other functions and write tests for them be sure to include those -in StrUtilGetSuite also. The StrUtilGetSuite function should -include all the tests in StrUtil.c - -Over time you will create another file called FunkyStuff.c -containing other functions unrelated to StrUtil. Follow the same -pattern. Create a FunkyStuffGetSuite function in FunkyStuff.c. -And add FunkyStuffGetSuite to AllTests.c. - -The framework is designed in the way it is so that it is easy to -organize a lot of tests. - -THE BIG PICTURE - -Each individual test corresponds to a CuTest. These are grouped -to form a CuSuite. CuSuites can hold CuTests or other CuSuites. -AllTests.c collects all the CuSuites in the program into a single -CuSuite which it then runs as a single CuSuite. - -The project is open source so feel free to take a peek under the -hood at the CuTest.c file to see how it works. CuTestTest.c -contains tests for CuTest.c. So CuTest tests itself. - -Since AllTests.c has a main() you will need to exclude this when -you are building your product. Here is a nicer way to do this if -you want to avoid messing with multiple builds. Remove the main() -in AllTests.c. Note that it just calls RunAllTests(). Instead -we'll call this directly from the main program. - -Now in the main() of the actual program check to see if the -command line option "--test" was passed. If it was then I call -RunAllTests() from AllTests.c. Otherwise run the real program. - -Shipping the tests with the code can be useful. If you customers -complain about a problem you can ask them to run the unit tests -and send you the output. This can help you to quickly isolate the -piece of your system that is malfunctioning in the customer's -environment. - -CuTest offers a rich set of CuAssert functions. Here is a list: - -void CuAssert(CuTest* tc, char* message, int condition); -void CuAssertTrue(CuTest* tc, int condition); -void CuAssertStrEquals(CuTest* tc, char* expected, char* actual); -void CuAssertIntEquals(CuTest* tc, int expected, int actual); -void CuAssertPtrEquals(CuTest* tc, void* expected, void* actual); -void CuAssertPtrNotNull(CuTest* tc, void* pointer); - -The project is open source and so you can add other more powerful -asserts to make your tests easier to write and more concise. -Please feel free to send me changes you make so that I can -incorporate them into future releases. - -If you see any errors in this document please contact me at -asimjalis@peakprogramming.com. - - -AUTOMATING TEST SUITE GENERATION - -make-tests.sh will grep through all the .c files in the current -directory and generate the code to run all the tests contained in -them. Using this script you don't have to worry about writing -AllTests.c or dealing with any of the other suite code. - - -CREDITS - -These people have contributed useful code changes to the CuTest project. -Thanks! - -- [02.23.2003] Dave Glowacki -- [04.17.2009] Tobias Lippert -- [11.13.2009] Eli Bendersky -- [12.14.2009] Andrew Brown diff --git a/build/cutest/license.txt b/build/cutest/license.txt deleted file mode 100644 index 3d94167..0000000 --- a/build/cutest/license.txt +++ /dev/null @@ -1,38 +0,0 @@ -NOTE - -The license is based on the zlib/libpng license. For more details see -http://www.opensource.org/licenses/zlib-license.html. The intent of the -license is to: - -- keep the license as simple as possible -- encourage the use of CuTest in both free and commercial applications - and libraries -- keep the source code together -- give credit to the CuTest contributors for their work - -If you ship CuTest in source form with your source distribution, the -following license document must be included with it in unaltered form. -If you find CuTest useful we would like to hear about it. - -LICENSE - -Copyright (c) 2003 Asim Jalis - -This software is provided 'as-is', without any express or implied -warranty. In no event will the authors be held liable for any damages -arising from the use of this software. - -Permission is granted to anyone to use this software for any purpose, -including commercial applications, and to alter it and redistribute it -freely, subject to the following restrictions: - -1. The origin of this software must not be misrepresented; you must not -claim that you wrote the original software. If you use this software in -a product, an acknowledgment in the product documentation would be -appreciated but is not required. - -2. Altered source versions must be plainly marked as such, and must not -be misrepresented as being the original software. - -3. This notice may not be removed or altered from any source -distribution. diff --git a/common/Makefile.am b/common/Makefile.am index b583a5c..b3e4eaf 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -12,10 +12,11 @@ inc_HEADERS = \ noinst_LTLIBRARIES = \ libp11-common.la \ libp11-library.la \ - libp11-mock.la \ + libp11-test.la \ $(NULL) libp11_common_la_SOURCES = \ + argv.c argv.h \ attrs.c attrs.h \ array.c array.h \ buffer.c buffer.h \ @@ -35,8 +36,9 @@ libp11_library_la_SOURCES = \ library.c library.h \ $(NULL) -libp11_mock_la_SOURCES = \ +libp11_test_la_SOURCES = \ mock.c mock.h \ + test.c test.h \ $(NULL) if WITH_ASN1 diff --git a/common/Makefile.in b/common/Makefile.in index 5b6ae54..af32972 100644 --- a/common/Makefile.in +++ b/common/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,51 +16,23 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -108,9 +80,9 @@ CONFIG_CLEAN_VPATH_FILES = LTLIBRARIES = $(noinst_LTLIBRARIES) libp11_common_la_LIBADD = am__objects_1 = -am_libp11_common_la_OBJECTS = attrs.lo array.lo buffer.lo compat.lo \ - constants.lo debug.lo dict.lo hash.lo lexer.lo message.lo \ - path.lo url.lo $(am__objects_1) +am_libp11_common_la_OBJECTS = argv.lo attrs.lo array.lo buffer.lo \ + compat.lo constants.lo debug.lo dict.lo hash.lo lexer.lo \ + message.lo path.lo url.lo $(am__objects_1) libp11_common_la_OBJECTS = $(am_libp11_common_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -133,9 +105,9 @@ libp11_data_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ libp11_library_la_LIBADD = am_libp11_library_la_OBJECTS = library.lo $(am__objects_1) libp11_library_la_OBJECTS = $(am_libp11_library_la_OBJECTS) -libp11_mock_la_LIBADD = -am_libp11_mock_la_OBJECTS = mock.lo $(am__objects_1) -libp11_mock_la_OBJECTS = $(am_libp11_mock_la_OBJECTS) +libp11_test_la_LIBADD = +am_libp11_test_la_OBJECTS = mock.lo test.lo $(am__objects_1) +libp11_test_la_OBJECTS = $(am_libp11_test_la_OBJECTS) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -171,10 +143,10 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(libp11_common_la_SOURCES) $(libp11_data_la_SOURCES) \ - $(libp11_library_la_SOURCES) $(libp11_mock_la_SOURCES) + $(libp11_library_la_SOURCES) $(libp11_test_la_SOURCES) DIST_SOURCES = $(libp11_common_la_SOURCES) \ $(am__libp11_data_la_SOURCES_DIST) \ - $(libp11_library_la_SOURCES) $(libp11_mock_la_SOURCES) + $(libp11_library_la_SOURCES) $(libp11_test_la_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ @@ -317,6 +289,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -436,9 +410,10 @@ inc_HEADERS = \ pkcs11.h \ $(NULL) -noinst_LTLIBRARIES = libp11-common.la libp11-library.la libp11-mock.la \ +noinst_LTLIBRARIES = libp11-common.la libp11-library.la libp11-test.la \ $(NULL) $(am__append_1) libp11_common_la_SOURCES = \ + argv.c argv.h \ attrs.c attrs.h \ array.c array.h \ buffer.c buffer.h \ @@ -458,8 +433,9 @@ libp11_library_la_SOURCES = \ library.c library.h \ $(NULL) -libp11_mock_la_SOURCES = \ +libp11_test_la_SOURCES = \ mock.c mock.h \ + test.c test.h \ $(NULL) @WITH_ASN1_TRUE@libp11_data_la_SOURCES = \ @@ -523,18 +499,14 @@ clean-noinstLTLIBRARIES: echo rm -f $${locs}; \ rm -f $${locs}; \ } - libp11-common.la: $(libp11_common_la_OBJECTS) $(libp11_common_la_DEPENDENCIES) $(EXTRA_libp11_common_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libp11_common_la_OBJECTS) $(libp11_common_la_LIBADD) $(LIBS) - libp11-data.la: $(libp11_data_la_OBJECTS) $(libp11_data_la_DEPENDENCIES) $(EXTRA_libp11_data_la_DEPENDENCIES) $(AM_V_CCLD)$(libp11_data_la_LINK) $(am_libp11_data_la_rpath) $(libp11_data_la_OBJECTS) $(libp11_data_la_LIBADD) $(LIBS) - libp11-library.la: $(libp11_library_la_OBJECTS) $(libp11_library_la_DEPENDENCIES) $(EXTRA_libp11_library_la_DEPENDENCIES) $(AM_V_CCLD)$(LINK) $(libp11_library_la_OBJECTS) $(libp11_library_la_LIBADD) $(LIBS) - -libp11-mock.la: $(libp11_mock_la_OBJECTS) $(libp11_mock_la_DEPENDENCIES) $(EXTRA_libp11_mock_la_DEPENDENCIES) - $(AM_V_CCLD)$(LINK) $(libp11_mock_la_OBJECTS) $(libp11_mock_la_LIBADD) $(LIBS) +libp11-test.la: $(libp11_test_la_OBJECTS) $(libp11_test_la_DEPENDENCIES) $(EXTRA_libp11_test_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libp11_test_la_OBJECTS) $(libp11_test_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -542,6 +514,7 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/array.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attrs.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffer.Plo@am__quote@ @@ -561,6 +534,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/message.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/path.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/url.Plo@am__quote@ .c.o: @@ -660,12 +634,13 @@ uninstall-incHEADERS: # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ @@ -944,6 +919,11 @@ leakcheck: test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \ done +hellcheck: + @for dir in $(SUBDIRS); do \ + test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \ + done + @WITH_ASN1_TRUE@asn: @WITH_ASN1_TRUE@ asn1Parser -o pkix.asn.h pkix.asn @WITH_ASN1_TRUE@ asn1Parser -o openssl.asn.h openssl.asn diff --git a/common/argv.c b/common/argv.c new file mode 100644 index 0000000..6d91bfa --- /dev/null +++ b/common/argv.c @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#include "argv.h" +#include "debug.h" + +#include +#include +#include + +bool +p11_argv_parse (const char *string, + void (*sink) (char *, void *), + void *argument) +{ + char quote = '\0'; + char *src, *dup, *at, *arg; + bool ret = true; + + return_val_if_fail (string != NULL, false); + return_val_if_fail (sink != NULL, false); + + src = dup = strdup (string); + return_val_if_fail (dup != NULL, false); + + arg = at = src; + for (src = dup; *src; src++) { + + /* Matching quote */ + if (quote == *src) { + quote = '\0'; + + /* Inside of quotes */ + } else if (quote != '\0') { + if (*src == '\\') { + *at++ = *src++; + if (!*src) { + ret = false; + goto done; + } + if (*src != quote) + *at++ = '\\'; + } + *at++ = *src; + + /* Space, not inside of quotes */ + } else if (isspace (*src)) { + *at = 0; + sink (arg, argument); + arg = at; + + /* Other character outside of quotes */ + } else { + switch (*src) { + case '\'': + case '"': + quote = *src; + break; + case '\\': + *at++ = *src++; + if (!*src) { + ret = false; + goto done; + } + /* fall through */ + default: + *at++ = *src; + break; + } + } + } + + + if (at != arg) { + *at = 0; + sink (arg, argument); + } + +done: + free (dup); + return ret; +} diff --git a/common/argv.h b/common/argv.h new file mode 100644 index 0000000..8f95490 --- /dev/null +++ b/common/argv.h @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2012 Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#ifndef P11_ARGV_H_ +#define P11_ARGV_H_ + +#include "compat.h" + +bool p11_argv_parse (const char *string, + void (*sink) (char *, void *), + void *argument); + +#endif /* P11_ARGV_H_ */ diff --git a/common/attrs.c b/common/attrs.c index c1e060a..88906f4 100644 --- a/common/attrs.c +++ b/common/attrs.c @@ -808,10 +808,10 @@ format_some_bytes (p11_buffer *buffer, p11_buffer_add (buffer, "\"", 1); } -static void -format_attribute (p11_buffer *buffer, - const CK_ATTRIBUTE *attr, - CK_OBJECT_CLASS klass) +void +p11_attr_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass) { p11_buffer_add (buffer, "{ ", -1); format_attribute_type (buffer, attr->type); @@ -839,10 +839,10 @@ format_attribute (p11_buffer *buffer, p11_buffer_add (buffer, " }", -1); } -static void -format_attributes (p11_buffer *buffer, - const CK_ATTRIBUTE *attrs, - int count) +void +p11_attrs_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attrs, + int count) { CK_BBOOL first = CK_TRUE; CK_OBJECT_CLASS klass; @@ -861,7 +861,7 @@ format_attributes (p11_buffer *buffer, else p11_buffer_add (buffer, ", ", 2); first = CK_FALSE; - format_attribute (buffer, attrs + i, klass); + p11_attr_format (buffer, attrs + i, klass); } p11_buffer_add (buffer, " ]", -1); } @@ -873,7 +873,7 @@ p11_attrs_to_string (const CK_ATTRIBUTE *attrs, p11_buffer buffer; if (!p11_buffer_init_null (&buffer, 128)) return_val_if_reached (NULL); - format_attributes (&buffer, attrs, count); + p11_attrs_format (&buffer, attrs, count); return p11_buffer_steal (&buffer, NULL); } @@ -884,6 +884,6 @@ p11_attr_to_string (const CK_ATTRIBUTE *attr, p11_buffer buffer; if (!p11_buffer_init_null (&buffer, 32)) return_val_if_reached (NULL); - format_attribute (&buffer, attr, klass); + p11_attr_format (&buffer, attr, klass); return p11_buffer_steal (&buffer, NULL); } diff --git a/common/attrs.h b/common/attrs.h index 233ac79..2780013 100644 --- a/common/attrs.h +++ b/common/attrs.h @@ -36,6 +36,7 @@ #ifndef P11_ATTRS_H_ #define P11_ATTRS_H_ +#include "buffer.h" #include "compat.h" #include "pkcs11.h" @@ -112,9 +113,17 @@ bool p11_attrs_matchn (const CK_ATTRIBUTE *attrs, char * p11_attrs_to_string (const CK_ATTRIBUTE *attrs, int count); +void p11_attrs_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attrs, + int count); + char * p11_attr_to_string (const CK_ATTRIBUTE *attr, CK_OBJECT_CLASS klass); +void p11_attr_format (p11_buffer *buffer, + const CK_ATTRIBUTE *attr, + CK_OBJECT_CLASS klass); + bool p11_attr_equal (const void *one, const void *two); diff --git a/common/compat.c b/common/compat.c index 4d8d73c..400e10b 100644 --- a/common/compat.c +++ b/common/compat.c @@ -161,7 +161,7 @@ p11_mutex_init (p11_mutex_t *mutex) int ret; pthread_mutexattr_init (&attr); - pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_RECURSIVE); + pthread_mutexattr_settype (&attr, PTHREAD_MUTEX_DEFAULT); ret = pthread_mutex_init (mutex, &attr); assert (ret == 0); pthread_mutexattr_destroy (&attr); @@ -245,6 +245,12 @@ p11_dl_error (void) return msg_buf; } +void +p11_dl_close (void *dl) +{ + FreeLibrary (dl); +} + int p11_thread_create (p11_thread_t *thread, p11_thread_routine routine, diff --git a/common/compat.h b/common/compat.h index 7435e07..0f9677b 100644 --- a/common/compat.h +++ b/common/compat.h @@ -135,13 +135,13 @@ typedef HMODULE dl_module_t; #define p11_dl_open(f) \ (LoadLibrary (f)) -#define p11_dl_close(d) \ - (FreeLibrary (d)) #define p11_dl_symbol(d, s) \ ((void *)GetProcAddress ((d), (s))) char * p11_dl_error (void); +void p11_dl_close (void * dl); + #define p11_sleep_ms(ms) \ (Sleep (ms)) diff --git a/common/constants.c b/common/constants.c index 918d3e5..ef92810 100644 --- a/common/constants.c +++ b/common/constants.c @@ -260,6 +260,338 @@ const p11_constant p11_constant_categories[] = { { CKA_INVALID }, }; +const p11_constant p11_constant_users[] = { + CT (CKU_SO, NULL) + CT (CKU_USER, NULL) + CT (CKU_CONTEXT_SPECIFIC, NULL) + { CKA_INVALID }, +}; + +const p11_constant p11_constant_states[] = { + CT (CKS_RO_PUBLIC_SESSION, NULL) + CT (CKS_RO_USER_FUNCTIONS, NULL) + CT (CKS_RW_PUBLIC_SESSION, NULL) + CT (CKS_RW_USER_FUNCTIONS, NULL) + CT (CKS_RW_SO_FUNCTIONS, NULL) + { CKA_INVALID }, +}; + +const p11_constant p11_constant_returns[] = { + CT (CKR_OK, NULL) + CT (CKR_CANCEL, NULL) + CT (CKR_HOST_MEMORY, NULL) + CT (CKR_SLOT_ID_INVALID, NULL) + CT (CKR_GENERAL_ERROR, NULL) + CT (CKR_FUNCTION_FAILED, NULL) + CT (CKR_ARGUMENTS_BAD, NULL) + CT (CKR_NO_EVENT, NULL) + CT (CKR_NEED_TO_CREATE_THREADS, NULL) + CT (CKR_CANT_LOCK, NULL) + CT (CKR_ATTRIBUTE_READ_ONLY, NULL) + CT (CKR_ATTRIBUTE_SENSITIVE, NULL) + CT (CKR_ATTRIBUTE_TYPE_INVALID, NULL) + CT (CKR_ATTRIBUTE_VALUE_INVALID, NULL) + CT (CKR_DATA_INVALID, NULL) + CT (CKR_DATA_LEN_RANGE, NULL) + CT (CKR_DEVICE_ERROR, NULL) + CT (CKR_DEVICE_MEMORY, NULL) + CT (CKR_DEVICE_REMOVED, NULL) + CT (CKR_ENCRYPTED_DATA_INVALID, NULL) + CT (CKR_ENCRYPTED_DATA_LEN_RANGE, NULL) + CT (CKR_FUNCTION_CANCELED, NULL) + CT (CKR_FUNCTION_NOT_PARALLEL, NULL) + CT (CKR_FUNCTION_NOT_SUPPORTED, NULL) + CT (CKR_KEY_HANDLE_INVALID, NULL) + CT (CKR_KEY_SIZE_RANGE, NULL) + CT (CKR_KEY_TYPE_INCONSISTENT, NULL) + CT (CKR_KEY_NOT_NEEDED, NULL) + CT (CKR_KEY_CHANGED, NULL) + CT (CKR_KEY_NEEDED, NULL) + CT (CKR_KEY_INDIGESTIBLE, NULL) + CT (CKR_KEY_FUNCTION_NOT_PERMITTED, NULL) + CT (CKR_KEY_NOT_WRAPPABLE, NULL) + CT (CKR_KEY_UNEXTRACTABLE, NULL) + CT (CKR_MECHANISM_INVALID, NULL) + CT (CKR_MECHANISM_PARAM_INVALID, NULL) + CT (CKR_OBJECT_HANDLE_INVALID, NULL) + CT (CKR_OPERATION_ACTIVE, NULL) + CT (CKR_OPERATION_NOT_INITIALIZED, NULL) + CT (CKR_PIN_INCORRECT, NULL) + CT (CKR_PIN_INVALID, NULL) + CT (CKR_PIN_LEN_RANGE, NULL) + CT (CKR_PIN_EXPIRED, NULL) + CT (CKR_PIN_LOCKED, NULL) + CT (CKR_SESSION_CLOSED, NULL) + CT (CKR_SESSION_COUNT, NULL) + CT (CKR_SESSION_HANDLE_INVALID, NULL) + CT (CKR_SESSION_PARALLEL_NOT_SUPPORTED, NULL) + CT (CKR_SESSION_READ_ONLY, NULL) + CT (CKR_SESSION_EXISTS, NULL) + CT (CKR_SESSION_READ_ONLY_EXISTS, NULL) + CT (CKR_SESSION_READ_WRITE_SO_EXISTS, NULL) + CT (CKR_SIGNATURE_INVALID, NULL) + CT (CKR_SIGNATURE_LEN_RANGE, NULL) + CT (CKR_TEMPLATE_INCOMPLETE, NULL) + CT (CKR_TEMPLATE_INCONSISTENT, NULL) + CT (CKR_TOKEN_NOT_PRESENT, NULL) + CT (CKR_TOKEN_NOT_RECOGNIZED, NULL) + CT (CKR_TOKEN_WRITE_PROTECTED, NULL) + CT (CKR_UNWRAPPING_KEY_HANDLE_INVALID, NULL) + CT (CKR_UNWRAPPING_KEY_SIZE_RANGE, NULL) + CT (CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, NULL) + CT (CKR_USER_ALREADY_LOGGED_IN, NULL) + CT (CKR_USER_NOT_LOGGED_IN, NULL) + CT (CKR_USER_PIN_NOT_INITIALIZED, NULL) + CT (CKR_USER_TYPE_INVALID, NULL) + CT (CKR_USER_ANOTHER_ALREADY_LOGGED_IN, NULL) + CT (CKR_USER_TOO_MANY_TYPES, NULL) + CT (CKR_WRAPPED_KEY_INVALID, NULL) + CT (CKR_WRAPPED_KEY_LEN_RANGE, NULL) + CT (CKR_WRAPPING_KEY_HANDLE_INVALID, NULL) + CT (CKR_WRAPPING_KEY_SIZE_RANGE, NULL) + CT (CKR_WRAPPING_KEY_TYPE_INCONSISTENT, NULL) + CT (CKR_RANDOM_SEED_NOT_SUPPORTED, NULL) + CT (CKR_RANDOM_NO_RNG, NULL) + CT (CKR_DOMAIN_PARAMS_INVALID, NULL) + CT (CKR_BUFFER_TOO_SMALL, NULL) + CT (CKR_SAVED_STATE_INVALID, NULL) + CT (CKR_INFORMATION_SENSITIVE, NULL) + CT (CKR_STATE_UNSAVEABLE, NULL) + CT (CKR_CRYPTOKI_NOT_INITIALIZED, NULL) + CT (CKR_CRYPTOKI_ALREADY_INITIALIZED, NULL) + CT (CKR_MUTEX_BAD, NULL) + CT (CKR_MUTEX_NOT_LOCKED, NULL) + CT (CKR_FUNCTION_REJECTED, NULL) + { CKA_INVALID }, +}; + +const p11_constant p11_constant_mechanisms[] = { + CT (CKM_RSA_PKCS_KEY_PAIR_GEN, NULL) + CT (CKM_RSA_PKCS, NULL) + CT (CKM_RSA_9796, NULL) + CT (CKM_RSA_X_509, NULL) + CT (CKM_MD2_RSA_PKCS, NULL) + CT (CKM_MD5_RSA_PKCS, NULL) + CT (CKM_SHA1_RSA_PKCS, NULL) + CT (CKM_RIPEMD128_RSA_PKCS, NULL) + CT (CKM_RIPEMD160_RSA_PKCS, NULL) + CT (CKM_RSA_PKCS_OAEP, NULL) + CT (CKM_RSA_X9_31_KEY_PAIR_GEN, NULL) + CT (CKM_RSA_X9_31, NULL) + CT (CKM_SHA1_RSA_X9_31, NULL) + CT (CKM_RSA_PKCS_PSS, NULL) + CT (CKM_SHA1_RSA_PKCS_PSS, NULL) + CT (CKM_DSA_KEY_PAIR_GEN, NULL) + CT (CKM_DSA, NULL) + CT (CKM_DSA_SHA1, NULL) + CT (CKM_DH_PKCS_KEY_PAIR_GEN, NULL) + CT (CKM_DH_PKCS_DERIVE, NULL) + CT (CKM_X9_42_DH_KEY_PAIR_GEN, NULL) + CT (CKM_X9_42_DH_DERIVE, NULL) + CT (CKM_X9_42_DH_HYBRID_DERIVE, NULL) + CT (CKM_X9_42_MQV_DERIVE, NULL) + CT (CKM_SHA256_RSA_PKCS, NULL) + CT (CKM_SHA384_RSA_PKCS, NULL) + CT (CKM_SHA512_RSA_PKCS, NULL) + CT (CKM_SHA256_RSA_PKCS_PSS, NULL) + CT (CKM_SHA384_RSA_PKCS_PSS, NULL) + CT (CKM_SHA512_RSA_PKCS_PSS, NULL) + CT (CKM_RC2_KEY_GEN, NULL) + CT (CKM_RC2_ECB, NULL) + CT (CKM_RC2_CBC, NULL) + CT (CKM_RC2_MAC, NULL) + CT (CKM_RC2_MAC_GENERAL, NULL) + CT (CKM_RC2_CBC_PAD, NULL) + CT (CKM_RC4_KEY_GEN, NULL) + CT (CKM_RC4, NULL) + CT (CKM_DES_KEY_GEN, NULL) + CT (CKM_DES_ECB, NULL) + CT (CKM_DES_CBC, NULL) + CT (CKM_DES_MAC, NULL) + CT (CKM_DES_MAC_GENERAL, NULL) + CT (CKM_DES_CBC_PAD, NULL) + CT (CKM_DES2_KEY_GEN, NULL) + CT (CKM_DES3_KEY_GEN, NULL) + CT (CKM_DES3_ECB, NULL) + CT (CKM_DES3_CBC, NULL) + CT (CKM_DES3_MAC, NULL) + CT (CKM_DES3_MAC_GENERAL, NULL) + CT (CKM_DES3_CBC_PAD, NULL) + CT (CKM_CDMF_KEY_GEN, NULL) + CT (CKM_CDMF_ECB, NULL) + CT (CKM_CDMF_CBC, NULL) + CT (CKM_CDMF_MAC, NULL) + CT (CKM_CDMF_MAC_GENERAL, NULL) + CT (CKM_CDMF_CBC_PAD, NULL) + CT (CKM_DES_OFB64, NULL) + CT (CKM_DES_OFB8, NULL) + CT (CKM_DES_CFB64, NULL) + CT (CKM_DES_CFB8, NULL) + CT (CKM_MD2, NULL) + CT (CKM_MD2_HMAC, NULL) + CT (CKM_MD2_HMAC_GENERAL, NULL) + CT (CKM_MD5, NULL) + CT (CKM_MD5_HMAC, NULL) + CT (CKM_MD5_HMAC_GENERAL, NULL) + CT (CKM_SHA_1, NULL) + CT (CKM_SHA_1_HMAC, NULL) + CT (CKM_SHA_1_HMAC_GENERAL, NULL) + CT (CKM_RIPEMD128, NULL) + CT (CKM_RIPEMD128_HMAC, NULL) + CT (CKM_RIPEMD128_HMAC_GENERAL, NULL) + CT (CKM_RIPEMD160, NULL) + CT (CKM_RIPEMD160_HMAC, NULL) + CT (CKM_RIPEMD160_HMAC_GENERAL, NULL) + CT (CKM_SHA256, NULL) + CT (CKM_SHA256_HMAC, NULL) + CT (CKM_SHA256_HMAC_GENERAL, NULL) + CT (CKM_SHA384, NULL) + CT (CKM_SHA384_HMAC, NULL) + CT (CKM_SHA384_HMAC_GENERAL, NULL) + CT (CKM_SHA512, NULL) + CT (CKM_SHA512_HMAC, NULL) + CT (CKM_SHA512_HMAC_GENERAL, NULL) + CT (CKM_CAST_KEY_GEN, NULL) + CT (CKM_CAST_ECB, NULL) + CT (CKM_CAST_CBC, NULL) + CT (CKM_CAST_MAC, NULL) + CT (CKM_CAST_MAC_GENERAL, NULL) + CT (CKM_CAST_CBC_PAD, NULL) + CT (CKM_CAST3_KEY_GEN, NULL) + CT (CKM_CAST3_ECB, NULL) + CT (CKM_CAST3_CBC, NULL) + CT (CKM_CAST3_MAC, NULL) + CT (CKM_CAST3_MAC_GENERAL, NULL) + CT (CKM_CAST3_CBC_PAD, NULL) + CT (CKM_CAST5_KEY_GEN, NULL) + /* CT (CKM_CAST128_KEY_GEN) */ + CT (CKM_CAST5_ECB, NULL) + /* CT (CKM_CAST128_ECB) */ + CT (CKM_CAST5_CBC, NULL) + /* CT (CKM_CAST128_CBC) */ + CT (CKM_CAST5_MAC, NULL) + /* CT (CKM_CAST128_MAC) */ + CT (CKM_CAST5_MAC_GENERAL, NULL) + /* CT (CKM_CAST128_MAC_GENERAL) */ + CT (CKM_CAST5_CBC_PAD, NULL) + /* CT (CKM_CAST128_CBC_PAD) */ + CT (CKM_RC5_KEY_GEN, NULL) + CT (CKM_RC5_ECB, NULL) + CT (CKM_RC5_CBC, NULL) + CT (CKM_RC5_MAC, NULL) + CT (CKM_RC5_MAC_GENERAL, NULL) + CT (CKM_RC5_CBC_PAD, NULL) + CT (CKM_IDEA_KEY_GEN, NULL) + CT (CKM_IDEA_ECB, NULL) + CT (CKM_IDEA_CBC, NULL) + CT (CKM_IDEA_MAC, NULL) + CT (CKM_IDEA_MAC_GENERAL, NULL) + CT (CKM_IDEA_CBC_PAD, NULL) + CT (CKM_GENERIC_SECRET_KEY_GEN, NULL) + CT (CKM_CONCATENATE_BASE_AND_KEY, NULL) + CT (CKM_CONCATENATE_BASE_AND_DATA, NULL) + CT (CKM_CONCATENATE_DATA_AND_BASE, NULL) + CT (CKM_XOR_BASE_AND_DATA, NULL) + CT (CKM_EXTRACT_KEY_FROM_KEY, NULL) + CT (CKM_SSL3_PRE_MASTER_KEY_GEN, NULL) + CT (CKM_SSL3_MASTER_KEY_DERIVE, NULL) + CT (CKM_SSL3_KEY_AND_MAC_DERIVE, NULL) + CT (CKM_SSL3_MASTER_KEY_DERIVE_DH, NULL) + CT (CKM_TLS_PRE_MASTER_KEY_GEN, NULL) + CT (CKM_TLS_MASTER_KEY_DERIVE, NULL) + CT (CKM_TLS_KEY_AND_MAC_DERIVE, NULL) + CT (CKM_TLS_MASTER_KEY_DERIVE_DH, NULL) + /* CT (CKM_TLS_PRF) */ + CT (CKM_SSL3_MD5_MAC, NULL) + CT (CKM_SSL3_SHA1_MAC, NULL) + CT (CKM_MD5_KEY_DERIVATION, NULL) + CT (CKM_MD2_KEY_DERIVATION, NULL) + CT (CKM_SHA1_KEY_DERIVATION, NULL) + CT (CKM_SHA256_KEY_DERIVATION, NULL) + CT (CKM_SHA384_KEY_DERIVATION, NULL) + CT (CKM_SHA512_KEY_DERIVATION, NULL) + CT (CKM_PBE_MD2_DES_CBC, NULL) + CT (CKM_PBE_MD5_DES_CBC, NULL) + CT (CKM_PBE_MD5_CAST_CBC, NULL) + CT (CKM_PBE_MD5_CAST3_CBC, NULL) + CT (CKM_PBE_MD5_CAST5_CBC, NULL) + /* CT (CKM_PBE_MD5_CAST128_CBC) */ + CT (CKM_PBE_SHA1_CAST5_CBC, NULL) + /* CT (CKM_PBE_SHA1_CAST128_CBC) */ + CT (CKM_PBE_SHA1_RC4_128, NULL) + CT (CKM_PBE_SHA1_RC4_40, NULL) + CT (CKM_PBE_SHA1_DES3_EDE_CBC, NULL) + CT (CKM_PBE_SHA1_DES2_EDE_CBC, NULL) + CT (CKM_PBE_SHA1_RC2_128_CBC, NULL) + CT (CKM_PBE_SHA1_RC2_40_CBC, NULL) + CT (CKM_PKCS5_PBKD2, NULL) + CT (CKM_PBA_SHA1_WITH_SHA1_HMAC, NULL) + CT (CKM_WTLS_PRE_MASTER_KEY_GEN, NULL) + CT (CKM_WTLS_MASTER_KEY_DERIVE, NULL) + CT (CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC, NULL) + CT (CKM_WTLS_PRF, NULL) + CT (CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE, NULL) + CT (CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE, NULL) + CT (CKM_KEY_WRAP_LYNKS, NULL) + CT (CKM_KEY_WRAP_SET_OAEP, NULL) + CT (CKM_CMS_SIG, NULL) + CT (CKM_SKIPJACK_KEY_GEN, NULL) + CT (CKM_SKIPJACK_ECB64, NULL) + CT (CKM_SKIPJACK_CBC64, NULL) + CT (CKM_SKIPJACK_OFB64, NULL) + CT (CKM_SKIPJACK_CFB64, NULL) + CT (CKM_SKIPJACK_CFB32, NULL) + CT (CKM_SKIPJACK_CFB16, NULL) + CT (CKM_SKIPJACK_CFB8, NULL) + CT (CKM_SKIPJACK_WRAP, NULL) + CT (CKM_SKIPJACK_PRIVATE_WRAP, NULL) + CT (CKM_SKIPJACK_RELAYX, NULL) + CT (CKM_KEA_KEY_PAIR_GEN, NULL) + CT (CKM_KEA_KEY_DERIVE, NULL) + CT (CKM_FORTEZZA_TIMESTAMP, NULL) + CT (CKM_BATON_KEY_GEN, NULL) + CT (CKM_BATON_ECB128, NULL) + CT (CKM_BATON_ECB96, NULL) + CT (CKM_BATON_CBC128, NULL) + CT (CKM_BATON_COUNTER, NULL) + CT (CKM_BATON_SHUFFLE, NULL) + CT (CKM_BATON_WRAP, NULL) + CT (CKM_ECDSA_KEY_PAIR_GEN, NULL) + /* CT (CKM_EC_KEY_PAIR_GEN) */ + CT (CKM_ECDSA, NULL) + CT (CKM_ECDSA_SHA1, NULL) + CT (CKM_ECDH1_DERIVE, NULL) + CT (CKM_ECDH1_COFACTOR_DERIVE, NULL) + CT (CKM_ECMQV_DERIVE, NULL) + CT (CKM_JUNIPER_KEY_GEN, NULL) + CT (CKM_JUNIPER_ECB128, NULL) + CT (CKM_JUNIPER_CBC128, NULL) + CT (CKM_JUNIPER_COUNTER, NULL) + CT (CKM_JUNIPER_SHUFFLE, NULL) + CT (CKM_JUNIPER_WRAP, NULL) + CT (CKM_FASTHASH, NULL) + CT (CKM_AES_KEY_GEN, NULL) + CT (CKM_AES_ECB, NULL) + CT (CKM_AES_CBC, NULL) + CT (CKM_AES_MAC, NULL) + CT (CKM_AES_MAC_GENERAL, NULL) + CT (CKM_AES_CBC_PAD, NULL) + CT (CKM_BLOWFISH_KEY_GEN, NULL) + CT (CKM_BLOWFISH_CBC, NULL) + CT (CKM_TWOFISH_KEY_GEN, NULL) + CT (CKM_TWOFISH_CBC, NULL) + CT (CKM_DES_ECB_ENCRYPT_DATA, NULL) + CT (CKM_DES_CBC_ENCRYPT_DATA, NULL) + CT (CKM_DES3_ECB_ENCRYPT_DATA, NULL) + CT (CKM_DES3_CBC_ENCRYPT_DATA, NULL) + CT (CKM_AES_ECB_ENCRYPT_DATA, NULL) + CT (CKM_AES_CBC_ENCRYPT_DATA, NULL) + CT (CKM_DSA_PARAMETER_GEN, NULL) + CT (CKM_DH_PKCS_PARAMETER_GEN, NULL) + CT (CKM_X9_42_DH_PARAMETER_GEN, NULL) + { CKA_INVALID }, +}; + #undef CT struct { @@ -272,7 +604,11 @@ struct { { p11_constant_certs, ELEMS (p11_constant_certs) - 1 }, { p11_constant_keys, ELEMS (p11_constant_keys) - 1 }, { p11_constant_asserts, ELEMS (p11_constant_asserts) - 1 }, - { p11_constant_categories, ELEMS (p11_constant_categories) - 1 } + { p11_constant_categories, ELEMS (p11_constant_categories) - 1 }, + { p11_constant_mechanisms, ELEMS (p11_constant_mechanisms) - 1 }, + { p11_constant_states, ELEMS (p11_constant_states) - 1 }, + { p11_constant_users, ELEMS (p11_constant_users) - 1 }, + { p11_constant_returns, ELEMS (p11_constant_returns) - 1 }, }; static int @@ -328,6 +664,7 @@ p11_constant_reverse (bool nick) { const p11_constant *table; p11_dict *lookups; + void *string; int length = -1; int i, j; @@ -339,9 +676,14 @@ p11_constant_reverse (bool nick) length = tables[i].length; for (j = 0; j < length; j++) { - if (!p11_dict_set (lookups, - nick ? (void *)table[j].nick : (void *)table[j].name, - (void *)&table[j].value)) + if (nick) { + if (!table[j].nick) + continue; + string = (void *)table[j].nick; + } else { + string = (void *)table[j].name; + } + if (!p11_dict_set (lookups, string, (void *)&table[j].value)) return_val_if_reached (NULL); } } diff --git a/common/constants.h b/common/constants.h index 82a0879..5b0f3a5 100644 --- a/common/constants.h +++ b/common/constants.h @@ -71,4 +71,12 @@ extern const p11_constant p11_constant_asserts[]; extern const p11_constant p11_constant_categories[]; +extern const p11_constant p11_constant_mechanisms[]; + +extern const p11_constant p11_constant_states[]; + +extern const p11_constant p11_constant_users[]; + +extern const p11_constant p11_constant_returns[]; + #endif /* P11_CONSTANTS_H_ */ diff --git a/common/debug.h b/common/debug.h index f8b2cf4..0dcfeae 100644 --- a/common/debug.h +++ b/common/debug.h @@ -59,8 +59,10 @@ void p11_debug_precond (const char *format, ...) GNUC_PRINTF (1, 2) CLANG_ANALYZER_NORETURN; +#ifndef assert_not_reached #define assert_not_reached() \ (assert (false && "this code should not be reached")) +#endif #define return_val_if_fail(x, v) \ do { if (!(x)) { \ diff --git a/common/library.c b/common/library.c index b7d6923..2d54fd5 100644 --- a/common/library.c +++ b/common/library.c @@ -60,7 +60,7 @@ static p11_local * _p11_library_get_thread_local (void); p11_mutex_t p11_library_mutex; #ifdef OS_UNIX -pthread_once_t p11_library_once = PTHREAD_ONCE_INIT; +pthread_once_t p11_library_once; #endif static char * diff --git a/common/mock.c b/common/mock.c index 1a283b9..f1d1c03 100644 --- a/common/mock.c +++ b/common/mock.c @@ -183,8 +183,8 @@ mock_module_take_object (CK_SLOT_ID slot_id, return_if_reached (); } -void -mock_module_reset_objects (CK_SLOT_ID slot_id) +static void +module_reset_objects (CK_SLOT_ID slot_id) { return_if_fail (slot_id == MOCK_SLOT_ONE_ID); @@ -291,6 +291,44 @@ mock_module_reset_objects (CK_SLOT_ID slot_id) p11_dict_set (the_objects, handle_to_pointer (MOCK_PUBLIC_KEY_PREFIX), p11_attrs_dup (attrs)); } +} + +static void +module_finalize (void) +{ + p11_mutex_lock (&init_mutex); + + /* This should stop all other calls in */ + pkcs11_initialized = false; + pkcs11_initialized_pid = 0; + + if (the_objects) + p11_dict_free (the_objects); + the_objects = NULL; + + if (the_sessions) + p11_dict_free (the_sessions); + the_sessions = NULL; + logged_in = false; + the_user_type = 0; + + free (the_pin); + the_pin = NULL; + n_the_pin = 0; + + p11_mutex_unlock (&init_mutex); +} + +bool +mock_module_initialized (void) +{ + return pkcs11_initialized; +} +void +mock_module_reset (void) +{ + module_finalize (); + module_reset_objects (MOCK_SLOT_ONE_ID); } @@ -389,7 +427,7 @@ mock_C_Initialize (CK_VOID_PTR init_args) p11_dict_direct_equal, NULL, free_session); - mock_module_reset_objects (MOCK_SLOT_ONE_ID); + module_reset_objects (MOCK_SLOT_ONE_ID); done: /* Mark us as officially initialized */ @@ -407,6 +445,13 @@ done: } CK_RV +mock_X_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args) +{ + return mock_C_Initialize (init_args); +} + +CK_RV mock_C_Initialize__fails (CK_VOID_PTR init_args) { return CKR_FUNCTION_FAILED; @@ -418,35 +463,16 @@ mock_C_Finalize (CK_VOID_PTR reserved) return_val_if_fail (pkcs11_initialized, CKR_CRYPTOKI_NOT_INITIALIZED); return_val_if_fail (reserved == NULL, CKR_ARGUMENTS_BAD); - p11_mutex_lock (&init_mutex); - - /* This should stop all other calls in */ - pkcs11_initialized = false; - pkcs11_initialized_pid = 0; - - p11_dict_free (the_objects); - the_objects = NULL; - - p11_dict_free (the_sessions); - the_sessions = NULL; - logged_in = false; - the_user_type = 0; - - free (the_pin); - - p11_mutex_unlock (&init_mutex); - + module_finalize (); return CKR_OK; } -static const CK_INFO MOCK_INFO = { - { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, - "MOCK MANUFACTURER ", - 0, - "MOCK LIBRARY ", - { 45, 145 } -}; - +CK_RV +mock_X_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved) +{ + return mock_C_Finalize (reserved); +} CK_RV mock_C_GetInfo (CK_INFO_PTR info) @@ -458,6 +484,13 @@ mock_C_GetInfo (CK_INFO_PTR info) } CK_RV +mock_X_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info) +{ + return mock_C_GetInfo (info); +} + +CK_RV mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list) { /* This would be a strange call to receive, should be overridden */ @@ -505,6 +538,18 @@ mock_C_GetSlotList__no_tokens (CK_BBOOL token_present, return CKR_OK; } +CK_RV +mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count) +{ + return mock_C_GetSlotList__no_tokens (token_present, + slot_list, + count); +; +} + /* Update mock-module.h URIs when updating this */ static const CK_SLOT_INFO MOCK_INFO_ONE = { @@ -569,6 +614,16 @@ mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID id, return CKR_SLOT_ID_INVALID; } +CK_RV +mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_SLOT_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + /* Update gck-mock.h URIs when updating this */ static const CK_TOKEN_INFO MOCK_TOKEN_ONE = { @@ -617,6 +672,16 @@ mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id, return CKR_SLOT_ID_INVALID; } +CK_RV +mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + /* * TWO mechanisms: * CKM_MOCK_CAPITALIZE @@ -651,8 +716,8 @@ mock_C_GetMechanismList (CK_SLOT_ID slot_id, } CK_RV -mock_C_GetTokenInfo_not_initialized (CK_SLOT_ID slot_id, - CK_TOKEN_INFO_PTR info) +mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info) { CK_RV rv; @@ -679,6 +744,17 @@ mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID id, return CKR_SLOT_ID_INVALID; } +CK_RV +mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + static const CK_MECHANISM_INFO MOCK_MECH_CAPITALIZE = { 512, 4096, CKF_ENCRYPT | CKF_DECRYPT }; @@ -721,6 +797,17 @@ mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id, } CK_RV +mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV mock_C_InitToken__specific_args (CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, @@ -757,6 +844,16 @@ mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id, } CK_RV +mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label) +{ + return CKR_SLOT_ID_INVALID; +} + +CK_RV mock_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved) @@ -781,6 +878,17 @@ mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags, } CK_RV +mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved) +{ + return_val_if_fail (slot, CKR_ARGUMENTS_BAD); + + return CKR_NO_EVENT; +} + +CK_RV mock_C_OpenSession (CK_SLOT_ID slot_id, CK_FLAGS flags, CK_VOID_PTR user_data, @@ -828,6 +936,19 @@ mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id, } CK_RV +mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session) +{ + return_val_if_fail (session, CKR_ARGUMENTS_BAD); + + return CKR_SLOT_ID_INVALID; +} + +CK_RV mock_C_OpenSession__fails (CK_SLOT_ID slot_id, CK_FLAGS flags, CK_VOID_PTR user_data, @@ -859,6 +980,13 @@ mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session) } CK_RV +mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_CloseAllSessions (CK_SLOT_ID slot_id) { if (slot_id == MOCK_SLOT_TWO_ID) @@ -877,6 +1005,13 @@ mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id) } CK_RV +mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id) +{ + return CKR_SLOT_ID_INVALID; +} + +CK_RV mock_C_GetFunctionStatus (CK_SESSION_HANDLE session) { if (!p11_dict_get (the_sessions, handle_to_pointer (session))) @@ -913,7 +1048,7 @@ mock_C_GetSessionInfo (CK_SESSION_HANDLE session, return_val_if_fail (info != NULL, CKR_ARGUMENTS_BAD); sess = p11_dict_get (the_sessions, handle_to_pointer (session)); - if (!session) + if (!sess) return CKR_SESSION_HANDLE_INVALID; if (logged_in) { @@ -942,6 +1077,16 @@ mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info) +{ + return_val_if_fail (info, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len) @@ -972,6 +1117,15 @@ mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, @@ -1011,6 +1165,17 @@ mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GetOperationState (CK_SESSION_HANDLE session, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len) @@ -1045,6 +1210,15 @@ mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len) +{ + return CKR_FUNCTION_NOT_SUPPORTED; +} + +CK_RV mock_C_SetOperationState (CK_SESSION_HANDLE session, CK_BYTE_PTR operation_state, CK_ULONG operation_state_len, @@ -1079,6 +1253,17 @@ mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Login (CK_SESSION_HANDLE session, CK_USER_TYPE user_type, CK_UTF8CHAR_PTR pin, @@ -1127,6 +1312,16 @@ mock_C_Login__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Logout (CK_SESSION_HANDLE session) { Session *sess; @@ -1150,6 +1345,13 @@ mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session) } CK_RV +mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_CreateObject (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template, CK_ULONG count, @@ -1195,6 +1397,18 @@ mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_CopyObject (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR template, @@ -1246,6 +1460,19 @@ mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE session, CK_RV +mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object) +{ + return_val_if_fail (new_object, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DestroyObject (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object) { @@ -1274,6 +1501,14 @@ mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GetObjectSize (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ULONG_PTR size) @@ -1313,6 +1548,17 @@ mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size) +{ + return_val_if_fail (size, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR template, @@ -1371,6 +1617,16 @@ mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR template, @@ -1428,6 +1684,16 @@ mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE session, return CKR_SESSION_HANDLE_INVALID; } +CK_RV +mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + typedef struct _FindObjects { CK_ATTRIBUTE *template; CK_ULONG count; @@ -1512,6 +1778,15 @@ mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template, CK_ULONG count) @@ -1563,14 +1838,26 @@ mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE session, } CK_RV -mock_C_FindObjects__fails (CK_SESSION_HANDLE session, - CK_OBJECT_HANDLE_PTR objects, - CK_ULONG max_count, - CK_ULONG_PTR count) +mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) { return_val_if_fail (count, CKR_ARGUMENTS_BAD); - return CKR_DEVICE_REMOVED; + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV +mock_C_FindObjects__fails (CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count) +{ + return_val_if_fail (count, CKR_ARGUMENTS_BAD); + + return CKR_DEVICE_REMOVED; } CK_RV @@ -1599,6 +1886,13 @@ mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session) } CK_RV +mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_EncryptInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) @@ -1634,6 +1928,15 @@ mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Encrypt (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -1661,6 +1964,19 @@ mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len) +{ + return_val_if_fail (encrypted_data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_EncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len, @@ -1713,6 +2029,19 @@ mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len) +{ + return_val_if_fail (encrypted_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_EncryptFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR last_encrypted_part, CK_ULONG_PTR last_encrypted_part_len) @@ -1749,6 +2078,17 @@ mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DecryptInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) @@ -1784,6 +2124,15 @@ mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Decrypt (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_data, CK_ULONG encrypted_data_len, @@ -1811,6 +2160,19 @@ mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DecryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_part, CK_ULONG encrypted_part_len, @@ -1863,6 +2225,19 @@ mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DecryptFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR last_part, CK_ULONG_PTR last_part_len) @@ -1900,6 +2275,17 @@ mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len) +{ + return_val_if_fail (last_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DigestInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism) { @@ -1932,6 +2318,14 @@ mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Digest (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -1961,6 +2355,19 @@ mock_C_Digest__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DigestUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len) @@ -1990,6 +2397,15 @@ mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DigestKey (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key) { @@ -2017,6 +2433,14 @@ mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DigestFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR digest, CK_ULONG_PTR digest_len) @@ -2068,6 +2492,17 @@ mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE session, return CKR_SESSION_HANDLE_INVALID; } +CK_RV +mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len) +{ + return_val_if_fail (digest_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + static CK_RV prefix_mechanism_init (CK_SESSION_HANDLE session, CK_ATTRIBUTE_TYPE method, @@ -2156,6 +2591,15 @@ mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Sign (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -2184,6 +2628,19 @@ mock_C_Sign__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SignUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len) @@ -2214,6 +2671,17 @@ mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SignFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG_PTR signature_len) @@ -2270,6 +2738,17 @@ mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SignRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) @@ -2287,6 +2766,15 @@ mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SignRecover (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -2345,6 +2833,19 @@ mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len) +{ + return_val_if_fail (signature_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_VerifyInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) @@ -2362,6 +2863,15 @@ mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_Verify (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -2388,6 +2898,17 @@ mock_C_Verify__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_VerifyUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len) @@ -2416,6 +2937,15 @@ mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_VerifyFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG signature_len) @@ -2463,6 +2993,15 @@ mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key) @@ -2480,6 +3019,15 @@ mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_VerifyRecover (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG signature_len, @@ -2534,6 +3082,19 @@ mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len) +{ + return_val_if_fail (data_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len, @@ -2562,6 +3123,19 @@ mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_part, CK_ULONG encrypted_part_len, @@ -2590,6 +3164,19 @@ mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len, @@ -2618,6 +3205,19 @@ mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len) +{ + return_val_if_fail (enc_part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_part, CK_ULONG encrypted_part_len, @@ -2646,6 +3246,19 @@ mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len) +{ + return_val_if_fail (part_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GenerateKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR template, @@ -2700,6 +3313,17 @@ mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GenerateKeyPair (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR public_key_template, @@ -2772,6 +3396,20 @@ mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_WrapKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE wrapping_key, @@ -2848,6 +3486,20 @@ mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len) +{ + return_val_if_fail (wrapped_key_len, CKR_ARGUMENTS_BAD); + + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_UnwrapKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE unwrapping_key, @@ -2920,6 +3572,20 @@ mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_DeriveKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE base_key, @@ -2985,6 +3651,18 @@ mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_SeedRandom (CK_SESSION_HANDLE session, CK_BYTE_PTR seed, CK_ULONG seed_len) @@ -3012,6 +3690,15 @@ mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE session, } CK_RV +mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + +CK_RV mock_C_GenerateRandom (CK_SESSION_HANDLE session, CK_BYTE_PTR random_data, CK_ULONG random_len) @@ -3043,6 +3730,15 @@ mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE session, return CKR_SESSION_HANDLE_INVALID; } +CK_RV +mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len) +{ + return CKR_SESSION_HANDLE_INVALID; +} + CK_FUNCTION_LIST mock_module_no_slots = { { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ mock_C_Initialize, @@ -3115,6 +3811,75 @@ CK_FUNCTION_LIST mock_module_no_slots = { mock_C_WaitForSlotEvent__no_event, }; +CK_X_FUNCTION_LIST mock_x_module_no_slots = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ + mock_X_Initialize, + mock_X_Finalize, + mock_X_GetInfo, + mock_X_GetSlotList__no_tokens, + mock_X_GetSlotInfo__invalid_slotid, + mock_X_GetTokenInfo__invalid_slotid, + mock_X_GetMechanismList__invalid_slotid, + mock_X_GetMechanismInfo__invalid_slotid, + mock_X_InitToken__invalid_slotid, + mock_X_InitPIN__invalid_handle, + mock_X_SetPIN__invalid_handle, + mock_X_OpenSession__invalid_slotid, + mock_X_CloseSession__invalid_handle, + mock_X_CloseAllSessions__invalid_slotid, + mock_X_GetSessionInfo__invalid_handle, + mock_X_GetOperationState__invalid_handle, + mock_X_SetOperationState__invalid_handle, + mock_X_Login__invalid_handle, + mock_X_Logout__invalid_handle, + mock_X_CreateObject__invalid_handle, + mock_X_CopyObject__invalid_handle, + mock_X_DestroyObject__invalid_handle, + mock_X_GetObjectSize__invalid_handle, + mock_X_GetAttributeValue__invalid_handle, + mock_X_SetAttributeValue__invalid_handle, + mock_X_FindObjectsInit__invalid_handle, + mock_X_FindObjects__invalid_handle, + mock_X_FindObjectsFinal__invalid_handle, + mock_X_EncryptInit__invalid_handle, + mock_X_Encrypt__invalid_handle, + mock_X_EncryptUpdate__invalid_handle, + mock_X_EncryptFinal__invalid_handle, + mock_X_DecryptInit__invalid_handle, + mock_X_Decrypt__invalid_handle, + mock_X_DecryptUpdate__invalid_handle, + mock_X_DecryptFinal__invalid_handle, + mock_X_DigestInit__invalid_handle, + mock_X_Digest__invalid_handle, + mock_X_DigestUpdate__invalid_handle, + mock_X_DigestKey__invalid_handle, + mock_X_DigestFinal__invalid_handle, + mock_X_SignInit__invalid_handle, + mock_X_Sign__invalid_handle, + mock_X_SignUpdate__invalid_handle, + mock_X_SignFinal__invalid_handle, + mock_X_SignRecoverInit__invalid_handle, + mock_X_SignRecover__invalid_handle, + mock_X_VerifyInit__invalid_handle, + mock_X_Verify__invalid_handle, + mock_X_VerifyUpdate__invalid_handle, + mock_X_VerifyFinal__invalid_handle, + mock_X_VerifyRecoverInit__invalid_handle, + mock_X_VerifyRecover__invalid_handle, + mock_X_DigestEncryptUpdate__invalid_handle, + mock_X_DecryptDigestUpdate__invalid_handle, + mock_X_SignEncryptUpdate__invalid_handle, + mock_X_DecryptVerifyUpdate__invalid_handle, + mock_X_GenerateKey__invalid_handle, + mock_X_GenerateKeyPair__invalid_handle, + mock_X_WrapKey__invalid_handle, + mock_X_UnwrapKey__invalid_handle, + mock_X_DeriveKey__invalid_handle, + mock_X_SeedRandom__invalid_handle, + mock_X_GenerateRandom__invalid_handle, + mock_X_WaitForSlotEvent__no_event, +}; + CK_FUNCTION_LIST mock_module = { { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, /* version */ mock_C_Initialize, diff --git a/common/mock.h b/common/mock.h index d09c8be..9128a63 100644 --- a/common/mock.h +++ b/common/mock.h @@ -37,6 +37,7 @@ #include "compat.h" #include "pkcs11.h" +#include "pkcs11x.h" enum { MOCK_DATA_OBJECT = 2, @@ -86,13 +87,25 @@ enum { MOCK_SLOT_ONE_ID = 52, MOCK_SLOT_TWO_ID = 134, + + MOCK_SLOTS_PRESENT = 1, + MOCK_SLOTS_ALL = 2, }; +static const CK_INFO MOCK_INFO = { + { CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR }, + "MOCK MANUFACTURER ", + 0, + "MOCK LIBRARY ", + { 45, 145 } +}; extern CK_FUNCTION_LIST mock_module; extern CK_FUNCTION_LIST mock_module_no_slots; +extern CK_X_FUNCTION_LIST mock_x_module_no_slots; + void mock_module_init (void); typedef bool (* mock_enumerator) (CK_OBJECT_HANDLE handle, @@ -106,19 +119,30 @@ void mock_module_enumerate_objects (CK_SESSION_HANDLE sess void mock_module_add_object (CK_SLOT_ID slot_id, const CK_ATTRIBUTE *attrs); +void mock_module_reset (void); + +bool mock_module_initialized (void); + void mock_module_take_object (CK_SLOT_ID slot_id, CK_ATTRIBUTE *attrs); -void mock_module_reset_objects (CK_SLOT_ID slot_id); - CK_RV mock_C_Initialize (CK_VOID_PTR init_args); CK_RV mock_C_Initialize__fails (CK_VOID_PTR init_args); +CK_RV mock_X_Initialize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR init_args); + CK_RV mock_C_Finalize (CK_VOID_PTR reserved); +CK_RV mock_X_Finalize (CK_X_FUNCTION_LIST *self, + CK_VOID_PTR reserved); + CK_RV mock_C_GetInfo (CK_INFO_PTR info); +CK_RV mock_X_GetInfo (CK_X_FUNCTION_LIST *self, + CK_INFO_PTR info); + CK_RV mock_C_GetFunctionList_not_supported (CK_FUNCTION_LIST_PTR_PTR list); CK_RV mock_C_GetSlotList (CK_BBOOL token_present, @@ -140,16 +164,29 @@ CK_RV mock_C_GetSlotList__fail_late (CK_BBOOL token_present CK_RV mock_C_GetSlotInfo (CK_SLOT_ID slot_id, CK_SLOT_INFO_PTR info); +CK_RV mock_X_GetSlotList__no_tokens (CK_X_FUNCTION_LIST *self, + CK_BBOOL token_present, + CK_SLOT_ID_PTR slot_list, + CK_ULONG_PTR count); + CK_RV mock_C_GetSlotInfo__invalid_slotid (CK_SLOT_ID slot_id, CK_SLOT_INFO_PTR info); +CK_RV mock_X_GetSlotInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_SLOT_INFO_PTR info); + CK_RV mock_C_GetTokenInfo (CK_SLOT_ID slot_id, CK_TOKEN_INFO_PTR info); CK_RV mock_C_GetTokenInfo__invalid_slotid (CK_SLOT_ID slot_id, CK_TOKEN_INFO_PTR info); -CK_RV mock_C_GetTokenInfo_not_initialized (CK_SLOT_ID slot_id, +CK_RV mock_X_GetTokenInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_TOKEN_INFO_PTR info); + +CK_RV mock_C_GetTokenInfo__not_initialized (CK_SLOT_ID slot_id, CK_TOKEN_INFO_PTR info); CK_RV mock_C_GetMechanismList (CK_SLOT_ID slot_id, @@ -160,6 +197,11 @@ CK_RV mock_C_GetMechanismList__invalid_slotid (CK_SLOT_ID slot_id, CK_MECHANISM_TYPE_PTR mechanism_list, CK_ULONG_PTR count); +CK_RV mock_X_GetMechanismList__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE_PTR mechanism_list, + CK_ULONG_PTR count); + CK_RV mock_C_GetMechanismInfo (CK_SLOT_ID slot_id, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR info); @@ -168,6 +210,11 @@ CK_RV mock_C_GetMechanismInfo__invalid_slotid (CK_SLOT_ID slot_id, CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR info); +CK_RV mock_X_GetMechanismInfo__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR info); + CK_RV mock_C_InitToken__specific_args (CK_SLOT_ID slot_id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, @@ -178,6 +225,13 @@ CK_RV mock_C_InitToken__invalid_slotid (CK_SLOT_ID slot_id, CK_ULONG pin_len, CK_UTF8CHAR_PTR label); +CK_RV mock_X_InitToken__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len, + CK_UTF8CHAR_PTR label); + + CK_RV mock_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved); @@ -186,12 +240,24 @@ CK_RV mock_C_WaitForSlotEvent__no_event (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved); +CK_RV mock_X_WaitForSlotEvent__no_event (CK_X_FUNCTION_LIST *self, + CK_FLAGS flags, + CK_SLOT_ID_PTR slot, + CK_VOID_PTR reserved); + CK_RV mock_C_OpenSession__invalid_slotid (CK_SLOT_ID slot_id, CK_FLAGS flags, CK_VOID_PTR user_data, CK_NOTIFY callback, CK_SESSION_HANDLE_PTR session); +CK_RV mock_X_OpenSession__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id, + CK_FLAGS flags, + CK_VOID_PTR user_data, + CK_NOTIFY callback, + CK_SESSION_HANDLE_PTR session); + CK_RV mock_C_OpenSession__fails (CK_SLOT_ID slot_id, CK_FLAGS flags, CK_VOID_PTR user_data, @@ -208,10 +274,16 @@ CK_RV mock_C_CloseSession (CK_SESSION_HANDLE sess CK_RV mock_C_CloseSession__invalid_handle (CK_SESSION_HANDLE session); +CK_RV mock_X_CloseSession__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session); + CK_RV mock_C_CloseAllSessions (CK_SLOT_ID slot_id); CK_RV mock_C_CloseAllSessions__invalid_slotid (CK_SLOT_ID slot_id); +CK_RV mock_X_CloseAllSessions__invalid_slotid (CK_X_FUNCTION_LIST *self, + CK_SLOT_ID slot_id); + CK_RV mock_C_GetFunctionStatus (CK_SESSION_HANDLE session); CK_RV mock_C_GetFunctionStatus__not_parallel (CK_SESSION_HANDLE session); @@ -226,6 +298,10 @@ CK_RV mock_C_GetSessionInfo (CK_SESSION_HANDLE sess CK_RV mock_C_GetSessionInfo__invalid_handle (CK_SESSION_HANDLE session, CK_SESSION_INFO_PTR info); +CK_RV mock_X_GetSessionInfo__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_SESSION_INFO_PTR info); + CK_RV mock_C_InitPIN__specific_args (CK_SESSION_HANDLE session, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len); @@ -234,6 +310,11 @@ CK_RV mock_C_InitPIN__invalid_handle (CK_SESSION_HANDLE sess CK_UTF8CHAR_PTR pin, CK_ULONG pin_len); +CK_RV mock_X_InitPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + CK_RV mock_C_SetPIN__specific_args (CK_SESSION_HANDLE session, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len, @@ -246,6 +327,13 @@ CK_RV mock_C_SetPIN__invalid_handle (CK_SESSION_HANDLE sess CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len); +CK_RV mock_X_SetPIN__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_UTF8CHAR_PTR old_pin, + CK_ULONG old_pin_len, + CK_UTF8CHAR_PTR new_pin, + CK_ULONG new_pin_len); + CK_RV mock_C_GetOperationState (CK_SESSION_HANDLE session, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len); @@ -254,6 +342,11 @@ CK_RV mock_C_GetOperationState__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len); +CK_RV mock_X_GetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG_PTR operation_state_len); + CK_RV mock_C_SetOperationState (CK_SESSION_HANDLE session, CK_BYTE_PTR operation_state, CK_ULONG operation_state_len, @@ -266,6 +359,13 @@ CK_RV mock_C_SetOperationState__invalid_handle (CK_SESSION_HANDLE sess CK_OBJECT_HANDLE encryption_key, CK_OBJECT_HANDLE authentication_key); +CK_RV mock_X_SetOperationState__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR operation_state, + CK_ULONG operation_state_len, + CK_OBJECT_HANDLE encryption_key, + CK_OBJECT_HANDLE authentication_key); + CK_RV mock_C_Login (CK_SESSION_HANDLE session, CK_USER_TYPE user_type, CK_UTF8CHAR_PTR pin, @@ -276,10 +376,19 @@ CK_RV mock_C_Login__invalid_handle (CK_SESSION_HANDLE sess CK_UTF8CHAR_PTR pin, CK_ULONG pin_len); +CK_RV mock_X_Login__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_USER_TYPE user_type, + CK_UTF8CHAR_PTR pin, + CK_ULONG pin_len); + CK_RV mock_C_Logout (CK_SESSION_HANDLE session); CK_RV mock_C_Logout__invalid_handle (CK_SESSION_HANDLE session); +CK_RV mock_X_Logout__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session); + CK_RV mock_C_CreateObject (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template, CK_ULONG count, @@ -290,6 +399,12 @@ CK_RV mock_C_CreateObject__invalid_handle (CK_SESSION_HANDLE sess CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object); +CK_RV mock_X_CreateObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + CK_RV mock_C_CopyObject (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR template, @@ -302,12 +417,23 @@ CK_RV mock_C_CopyObject__invalid_handle (CK_SESSION_HANDLE sess CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object); +CK_RV mock_X_CopyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR new_object); + CK_RV mock_C_DestroyObject (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object); CK_RV mock_C_DestroyObject__invalid_handle (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object); +CK_RV mock_X_DestroyObject__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object); + CK_RV mock_C_GetObjectSize (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ULONG_PTR size); @@ -316,6 +442,11 @@ CK_RV mock_C_GetObjectSize__invalid_handle (CK_SESSION_HANDLE sess CK_OBJECT_HANDLE object, CK_ULONG_PTR size); +CK_RV mock_X_GetObjectSize__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ULONG_PTR size); + CK_RV mock_C_GetAttributeValue (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR template, @@ -326,6 +457,12 @@ CK_RV mock_C_GetAttributeValue__invalid_handle (CK_SESSION_HANDLE sess CK_ATTRIBUTE_PTR template, CK_ULONG count); +CK_RV mock_X_GetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + CK_RV mock_C_GetAttributeValue__fail_first (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR template, @@ -346,6 +483,12 @@ CK_RV mock_C_SetAttributeValue__invalid_handle (CK_SESSION_HANDLE sess CK_ATTRIBUTE_PTR template, CK_ULONG count); +CK_RV mock_X_SetAttributeValue__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + CK_RV mock_C_FindObjectsInit (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template, CK_ULONG count); @@ -354,6 +497,11 @@ CK_RV mock_C_FindObjectsInit__invalid_handle (CK_SESSION_HANDLE sess CK_ATTRIBUTE_PTR template, CK_ULONG count); +CK_RV mock_X_FindObjectsInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_ATTRIBUTE_PTR template, + CK_ULONG count); + CK_RV mock_C_FindObjectsInit__fails (CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR template, CK_ULONG count); @@ -368,6 +516,12 @@ CK_RV mock_C_FindObjects__invalid_handle (CK_SESSION_HANDLE sess CK_ULONG max_count, CK_ULONG_PTR count); +CK_RV mock_X_FindObjects__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE_PTR objects, + CK_ULONG max_count, + CK_ULONG_PTR count); + CK_RV mock_C_FindObjects__fails (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE_PTR objects, CK_ULONG max_count, @@ -377,6 +531,9 @@ CK_RV mock_C_FindObjectsFinal (CK_SESSION_HANDLE sess CK_RV mock_C_FindObjectsFinal__invalid_handle (CK_SESSION_HANDLE session); +CK_RV mock_X_FindObjectsFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session); + CK_RV mock_C_EncryptInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); @@ -385,6 +542,11 @@ CK_RV mock_C_EncryptInit__invalid_handle (CK_SESSION_HANDLE sess CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); +CK_RV mock_X_EncryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + CK_RV mock_C_Encrypt (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -397,6 +559,13 @@ CK_RV mock_C_Encrypt__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len); +CK_RV mock_X_Encrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR encrypted_data, + CK_ULONG_PTR encrypted_data_len); + CK_RV mock_C_EncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len, @@ -409,6 +578,13 @@ CK_RV mock_C_EncryptUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR encrypted_part, CK_ULONG_PTR encrypted_part_len); +CK_RV mock_X_EncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR encrypted_part, + CK_ULONG_PTR encrypted_part_len); + CK_RV mock_C_EncryptFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR last_encrypted_part, CK_ULONG_PTR last_encrypted_part_len); @@ -417,6 +593,11 @@ CK_RV mock_C_EncryptFinal__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR last_part, CK_ULONG_PTR last_part_len); +CK_RV mock_X_EncryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + CK_RV mock_C_DecryptInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); @@ -425,6 +606,11 @@ CK_RV mock_C_DecryptInit__invalid_handle (CK_SESSION_HANDLE sess CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); +CK_RV mock_X_DecryptInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + CK_RV mock_C_Decrypt (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_data, CK_ULONG encrypted_data_len, @@ -437,6 +623,13 @@ CK_RV mock_C_Decrypt__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR data, CK_ULONG_PTR data_len); +CK_RV mock_X_Decrypt__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_data, + CK_ULONG enc_data_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + CK_RV mock_C_DecryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_part, CK_ULONG encrypted_part_len, @@ -449,6 +642,13 @@ CK_RV mock_C_DecryptUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR part, CK_ULONG_PTR part_len); +CK_RV mock_X_DecryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + CK_RV mock_C_DecryptFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR last_part, CK_ULONG_PTR last_part_len); @@ -457,12 +657,21 @@ CK_RV mock_C_DecryptFinal__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR last_part, CK_ULONG_PTR last_part_len); +CK_RV mock_X_DecryptFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR last_part, + CK_ULONG_PTR last_part_len); + CK_RV mock_C_DigestInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism); CK_RV mock_C_DigestInit__invalid_handle (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism); +CK_RV mock_X_DigestInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism); + CK_RV mock_C_Digest (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -475,6 +684,13 @@ CK_RV mock_C_Digest__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR digest, CK_ULONG_PTR digest_len); +CK_RV mock_X_Digest__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + CK_RV mock_C_DigestUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len); @@ -483,12 +699,21 @@ CK_RV mock_C_DigestUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR part, CK_ULONG part_len); +CK_RV mock_X_DigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + CK_RV mock_C_DigestKey (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key); CK_RV mock_C_DigestKey__invalid_handle (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key); +CK_RV mock_X_DigestKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE key); + CK_RV mock_C_DigestFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR digest, CK_ULONG_PTR digest_len); @@ -497,6 +722,11 @@ CK_RV mock_C_DigestFinal__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR digest, CK_ULONG_PTR digest_len); +CK_RV mock_X_DigestFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR digest, + CK_ULONG_PTR digest_len); + CK_RV mock_C_SignInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); @@ -505,6 +735,11 @@ CK_RV mock_C_SignInit__invalid_handle (CK_SESSION_HANDLE sess CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); +CK_RV mock_X_SignInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + CK_RV mock_C_Sign (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -517,6 +752,13 @@ CK_RV mock_C_Sign__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR signature, CK_ULONG_PTR signature_len); +CK_RV mock_X_Sign__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + CK_RV mock_C_SignUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len); @@ -525,6 +767,11 @@ CK_RV mock_C_SignUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR part, CK_ULONG part_len); +CK_RV mock_X_SignUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + CK_RV mock_C_SignFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG_PTR signature_len); @@ -533,6 +780,11 @@ CK_RV mock_C_SignFinal__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR signature, CK_ULONG_PTR signature_len); +CK_RV mock_X_SignFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + CK_RV mock_C_SignRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); @@ -541,6 +793,11 @@ CK_RV mock_C_SignRecoverInit__invalid_handle (CK_SESSION_HANDLE sess CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); +CK_RV mock_X_SignRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + CK_RV mock_C_SignRecover (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -553,6 +810,13 @@ CK_RV mock_C_SignRecover__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR signature, CK_ULONG_PTR signature_len); +CK_RV mock_X_SignRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG_PTR signature_len); + CK_RV mock_C_VerifyInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); @@ -561,6 +825,11 @@ CK_RV mock_C_VerifyInit__invalid_handle (CK_SESSION_HANDLE sess CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); +CK_RV mock_X_VerifyInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + CK_RV mock_C_Verify (CK_SESSION_HANDLE session, CK_BYTE_PTR data, CK_ULONG data_len, @@ -573,6 +842,13 @@ CK_RV mock_C_Verify__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR signature, CK_ULONG signature_len); +CK_RV mock_X_Verify__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR data, + CK_ULONG data_len, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + CK_RV mock_C_VerifyUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len); @@ -581,6 +857,11 @@ CK_RV mock_C_VerifyUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR part, CK_ULONG part_len); +CK_RV mock_X_VerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len); + CK_RV mock_C_VerifyFinal (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG signature_len); @@ -589,6 +870,11 @@ CK_RV mock_C_VerifyFinal__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR signature, CK_ULONG signature_len); +CK_RV mock_X_VerifyFinal__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len); + CK_RV mock_C_VerifyRecoverInit (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); @@ -597,6 +883,11 @@ CK_RV mock_C_VerifyRecoverInit__invalid_handle (CK_SESSION_HANDLE sess CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE key); +CK_RV mock_X_VerifyRecoverInit__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE key); + CK_RV mock_C_VerifyRecover (CK_SESSION_HANDLE session, CK_BYTE_PTR signature, CK_ULONG signature_len, @@ -609,6 +900,13 @@ CK_RV mock_C_VerifyRecover__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR data, CK_ULONG_PTR data_len); +CK_RV mock_X_VerifyRecover__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR signature, + CK_ULONG signature_len, + CK_BYTE_PTR data, + CK_ULONG_PTR data_len); + CK_RV mock_C_DigestEncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len, @@ -621,6 +919,13 @@ CK_RV mock_C_DigestEncryptUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR enc_part, CK_ULONG_PTR enc_part_len); +CK_RV mock_X_DigestEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len); + CK_RV mock_C_DecryptDigestUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_part, CK_ULONG encrypted_part_len, @@ -633,6 +938,13 @@ CK_RV mock_C_DecryptDigestUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR part, CK_ULONG_PTR part_len); +CK_RV mock_X_DecryptDigestUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + CK_RV mock_C_SignEncryptUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR part, CK_ULONG part_len, @@ -645,6 +957,13 @@ CK_RV mock_C_SignEncryptUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR enc_part, CK_ULONG_PTR enc_part_len); +CK_RV mock_X_SignEncryptUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR part, + CK_ULONG part_len, + CK_BYTE_PTR enc_part, + CK_ULONG_PTR enc_part_len); + CK_RV mock_C_DecryptVerifyUpdate (CK_SESSION_HANDLE session, CK_BYTE_PTR encrypted_part, CK_ULONG encrypted_part_len, @@ -657,6 +976,13 @@ CK_RV mock_C_DecryptVerifyUpdate__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR part, CK_ULONG_PTR part_len); +CK_RV mock_X_DecryptVerifyUpdate__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR enc_part, + CK_ULONG enc_part_len, + CK_BYTE_PTR part, + CK_ULONG_PTR part_len); + CK_RV mock_C_GenerateKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR template, @@ -669,6 +995,13 @@ CK_RV mock_C_GenerateKey__invalid_handle (CK_SESSION_HANDLE sess CK_ULONG count, CK_OBJECT_HANDLE_PTR key); +CK_RV mock_X_GenerateKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + CK_RV mock_C_GenerateKeyPair (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_ATTRIBUTE_PTR public_key_template, @@ -687,6 +1020,16 @@ CK_RV mock_C_GenerateKeyPair__invalid_handle (CK_SESSION_HANDLE sess CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key); +CK_RV mock_X_GenerateKeyPair__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_ATTRIBUTE_PTR pub_template, + CK_ULONG pub_count, + CK_ATTRIBUTE_PTR priv_template, + CK_ULONG priv_count, + CK_OBJECT_HANDLE_PTR pub_key, + CK_OBJECT_HANDLE_PTR priv_key); + CK_RV mock_C_WrapKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE wrapping_key, @@ -701,6 +1044,14 @@ CK_RV mock_C_WrapKey__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len); +CK_RV mock_X_WrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE wrapping_key, + CK_OBJECT_HANDLE key, + CK_BYTE_PTR wrapped_key, + CK_ULONG_PTR wrapped_key_len); + CK_RV mock_C_UnwrapKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE unwrapping_key, @@ -719,6 +1070,16 @@ CK_RV mock_C_UnwrapKey__invalid_handle (CK_SESSION_HANDLE sess CK_ULONG count, CK_OBJECT_HANDLE_PTR key); +CK_RV mock_X_UnwrapKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE unwrapping_key, + CK_BYTE_PTR wrapped_key, + CK_ULONG wrapped_key_len, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + CK_RV mock_C_DeriveKey (CK_SESSION_HANDLE session, CK_MECHANISM_PTR mechanism, CK_OBJECT_HANDLE base_key, @@ -733,6 +1094,14 @@ CK_RV mock_C_DeriveKey__invalid_handle (CK_SESSION_HANDLE sess CK_ULONG count, CK_OBJECT_HANDLE_PTR key); +CK_RV mock_X_DeriveKey__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_MECHANISM_PTR mechanism, + CK_OBJECT_HANDLE base_key, + CK_ATTRIBUTE_PTR template, + CK_ULONG count, + CK_OBJECT_HANDLE_PTR key); + CK_RV mock_C_SeedRandom (CK_SESSION_HANDLE session, CK_BYTE_PTR seed, CK_ULONG seed_len); @@ -741,6 +1110,11 @@ CK_RV mock_C_SeedRandom__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR seed, CK_ULONG seed_len); +CK_RV mock_X_SeedRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR seed, + CK_ULONG seed_len); + CK_RV mock_C_GenerateRandom (CK_SESSION_HANDLE session, CK_BYTE_PTR random_data, CK_ULONG random_len); @@ -749,4 +1123,9 @@ CK_RV mock_C_GenerateRandom__invalid_handle (CK_SESSION_HANDLE sess CK_BYTE_PTR random_data, CK_ULONG random_len); +CK_RV mock_X_GenerateRandom__invalid_handle (CK_X_FUNCTION_LIST *self, + CK_SESSION_HANDLE session, + CK_BYTE_PTR random_data, + CK_ULONG random_len); + #endif /* __MOCK_H__ */ diff --git a/common/path.c b/common/path.c index bba2c23..3f1fccc 100644 --- a/common/path.c +++ b/common/path.c @@ -201,11 +201,11 @@ p11_path_absolute (const char *path) { return_val_if_fail (path != NULL, false); -#ifdef OS_UNIX - return (path[0] == '/'); -#else - return (path[0] != '\0' && path[1] == ':' && path[2] == '\\'); + return (path[0] == '/') +#ifdef OS_WIN32 + || (path[0] != '\0' && path[1] == ':' && path[2] == '\\') #endif + ; } char * diff --git a/common/pkcs11x.h b/common/pkcs11x.h index 58be460..dfb2a6c 100644 --- a/common/pkcs11x.h +++ b/common/pkcs11x.h @@ -149,6 +149,444 @@ typedef CK_ULONG CK_X_ASSERTION_TYPE; #endif /* CRYPTOKI_X_VENDOR_DEFINED */ +/* ------------------------------------------------------------------- + * SUBCLASSABLE PKCS#11 FUNCTIONS + */ + +typedef struct _CK_X_FUNCTION_LIST CK_X_FUNCTION_LIST; + +typedef CK_RV (* CK_X_Initialize) (CK_X_FUNCTION_LIST *, + CK_VOID_PTR); + +typedef CK_RV (* CK_X_Finalize) (CK_X_FUNCTION_LIST *, + CK_VOID_PTR); + +typedef CK_RV (* CK_X_GetInfo) (CK_X_FUNCTION_LIST *, + CK_INFO_PTR); + +typedef CK_RV (* CK_X_GetSlotList) (CK_X_FUNCTION_LIST *, + CK_BBOOL, + CK_SLOT_ID_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetSlotInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_SLOT_INFO_PTR); + +typedef CK_RV (* CK_X_GetTokenInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_TOKEN_INFO_PTR); + +typedef CK_RV (* CK_X_GetMechanismList) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_MECHANISM_TYPE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetMechanismInfo) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_MECHANISM_TYPE, + CK_MECHANISM_INFO_PTR); + +typedef CK_RV (* CK_X_InitToken) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR); + +typedef CK_RV (* CK_X_InitPIN) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SetPIN) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_OpenSession) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID, + CK_FLAGS, + CK_VOID_PTR, + CK_NOTIFY, + CK_SESSION_HANDLE_PTR); + +typedef CK_RV (* CK_X_CloseSession) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_CloseAllSessions) (CK_X_FUNCTION_LIST *, + CK_SLOT_ID); + +typedef CK_RV (* CK_X_GetSessionInfo) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_SESSION_INFO_PTR); + +typedef CK_RV (* CK_X_GetOperationState) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SetOperationState) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Login) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_USER_TYPE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_Logout) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_CreateObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_CopyObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_DestroyObject) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_GetObjectSize) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GetAttributeValue) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SetAttributeValue) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_FindObjectsInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_FindObjects) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE_PTR, + CK_ULONG, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_FindObjectsFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE); + +typedef CK_RV (* CK_X_EncryptInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Encrypt) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_EncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_EncryptFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Decrypt) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR); + +typedef CK_RV (* CK_X_Digest) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_DigestKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_DigestFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Sign) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_SignFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignRecoverInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_SignRecover) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_VerifyInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_Verify) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyFinal) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_VerifyRecoverInit) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE); + +typedef CK_RV (* CK_X_VerifyRecover) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DigestEncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptDigestUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_SignEncryptUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_DecryptVerifyUpdate) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_GenerateKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_GenerateKeyPair) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_WrapKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_OBJECT_HANDLE, + CK_BYTE_PTR, + CK_ULONG_PTR); + +typedef CK_RV (* CK_X_UnwrapKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_BYTE_PTR, + CK_ULONG, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_DeriveKey) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_MECHANISM_PTR, + CK_OBJECT_HANDLE, + CK_ATTRIBUTE_PTR, + CK_ULONG, + CK_OBJECT_HANDLE_PTR); + +typedef CK_RV (* CK_X_SeedRandom) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_GenerateRandom) (CK_X_FUNCTION_LIST *, + CK_SESSION_HANDLE, + CK_BYTE_PTR, + CK_ULONG); + +typedef CK_RV (* CK_X_WaitForSlotEvent) (CK_X_FUNCTION_LIST *, + CK_FLAGS, + CK_SLOT_ID_PTR, + CK_VOID_PTR); + +struct _CK_X_FUNCTION_LIST { + CK_VERSION version; + CK_X_Initialize C_Initialize; + CK_X_Finalize C_Finalize; + CK_X_GetInfo C_GetInfo; + CK_X_GetSlotList C_GetSlotList; + CK_X_GetSlotInfo C_GetSlotInfo; + CK_X_GetTokenInfo C_GetTokenInfo; + CK_X_GetMechanismList C_GetMechanismList; + CK_X_GetMechanismInfo C_GetMechanismInfo; + CK_X_InitToken C_InitToken; + CK_X_InitPIN C_InitPIN; + CK_X_SetPIN C_SetPIN; + CK_X_OpenSession C_OpenSession; + CK_X_CloseSession C_CloseSession; + CK_X_CloseAllSessions C_CloseAllSessions; + CK_X_GetSessionInfo C_GetSessionInfo; + CK_X_GetOperationState C_GetOperationState; + CK_X_SetOperationState C_SetOperationState; + CK_X_Login C_Login; + CK_X_Logout C_Logout; + CK_X_CreateObject C_CreateObject; + CK_X_CopyObject C_CopyObject; + CK_X_DestroyObject C_DestroyObject; + CK_X_GetObjectSize C_GetObjectSize; + CK_X_GetAttributeValue C_GetAttributeValue; + CK_X_SetAttributeValue C_SetAttributeValue; + CK_X_FindObjectsInit C_FindObjectsInit; + CK_X_FindObjects C_FindObjects; + CK_X_FindObjectsFinal C_FindObjectsFinal; + CK_X_EncryptInit C_EncryptInit; + CK_X_Encrypt C_Encrypt; + CK_X_EncryptUpdate C_EncryptUpdate; + CK_X_EncryptFinal C_EncryptFinal; + CK_X_DecryptInit C_DecryptInit; + CK_X_Decrypt C_Decrypt; + CK_X_DecryptUpdate C_DecryptUpdate; + CK_X_DecryptFinal C_DecryptFinal; + CK_X_DigestInit C_DigestInit; + CK_X_Digest C_Digest; + CK_X_DigestUpdate C_DigestUpdate; + CK_X_DigestKey C_DigestKey; + CK_X_DigestFinal C_DigestFinal; + CK_X_SignInit C_SignInit; + CK_X_Sign C_Sign; + CK_X_SignUpdate C_SignUpdate; + CK_X_SignFinal C_SignFinal; + CK_X_SignRecoverInit C_SignRecoverInit; + CK_X_SignRecover C_SignRecover; + CK_X_VerifyInit C_VerifyInit; + CK_X_Verify C_Verify; + CK_X_VerifyUpdate C_VerifyUpdate; + CK_X_VerifyFinal C_VerifyFinal; + CK_X_VerifyRecoverInit C_VerifyRecoverInit; + CK_X_VerifyRecover C_VerifyRecover; + CK_X_DigestEncryptUpdate C_DigestEncryptUpdate; + CK_X_DecryptDigestUpdate C_DecryptDigestUpdate; + CK_X_SignEncryptUpdate C_SignEncryptUpdate; + CK_X_DecryptVerifyUpdate C_DecryptVerifyUpdate; + CK_X_GenerateKey C_GenerateKey; + CK_X_GenerateKeyPair C_GenerateKeyPair; + CK_X_WrapKey C_WrapKey; + CK_X_UnwrapKey C_UnwrapKey; + CK_X_DeriveKey C_DeriveKey; + CK_X_SeedRandom C_SeedRandom; + CK_X_GenerateRandom C_GenerateRandom; + CK_X_WaitForSlotEvent C_WaitForSlotEvent; +}; + #if defined(__cplusplus) } #endif diff --git a/common/test.c b/common/test.c new file mode 100644 index 0000000..8866e48 --- /dev/null +++ b/common/test.c @@ -0,0 +1,261 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "config.h" + +#define P11_TEST_SOURCE 1 + +#include "test.h" +#include "debug.h" + +#include +#include +#include +#include +#include +#include + +enum { + FIXTURE, + TEST, +}; + +typedef void (*func_with_arg) (void *); + +typedef struct _test_item { + int type; + + union { + struct { + char name[1024]; + func_with_arg func; + void *argument; + int failed; + } test; + struct { + func_with_arg setup; + func_with_arg teardown; + } fix; + } x; + + struct _test_item *next; +} test_item; + +struct { + test_item *suite; + test_item *last; + int number; + jmp_buf jump; +} gl = { NULL, NULL, 0, }; + +void +p11_test_fail (const char *filename, + int line, + const char *function, + const char *message, + ...) +{ + const char *pos; + char *output; + char *from; + char *next; + va_list va; + + assert (gl.last != NULL); + assert (gl.last->type == TEST); + gl.last->x.test.failed = 1; + + printf ("not ok %d %s\n", gl.number, gl.last->x.test.name); + + va_start (va, message); + if (vasprintf (&output, message, va) < 0) + assert (0 && "vasprintf() failed"); + va_end (va); + + for (from = output; from != NULL; ) { + next = strchr (from, '\n'); + if (next) { + next[0] = '\0'; + next += 1; + } + + printf ("# %s\n", from); + from = next; + } + + pos = strrchr (filename, '/'); + if (pos != NULL && pos[1] != '\0') + filename = pos + 1; + + printf ("# in %s() at %s:%d\n", function, filename, line); + + free (output); +} + +static void +test_push (test_item *it) +{ + test_item *item; + + item = calloc (1, sizeof (test_item)); + assert (item != NULL); + memcpy (item, it, sizeof (test_item)); + + if (!gl.suite) + gl.suite = item; + if (gl.last) + gl.last->next = item; + gl.last = item; +} + +void +p11_test (void (* function) (void), + const char *name, + ...) +{ + test_item item = { TEST, }; + va_list va; + + item.x.test.func = (func_with_arg)function; + + va_start (va, name); + vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va); + va_end (va); + + test_push (&item); +} + +void +p11_testx (void (* function) (void *), + void *argument, + const char *name, + ...) +{ + test_item item = { TEST, }; + va_list va; + + item.type = TEST; + item.x.test.func = function; + item.x.test.argument = argument; + + va_start (va, name); + vsnprintf (item.x.test.name, sizeof (item.x.test.name), name, va); + va_end (va); + + test_push (&item); +} + +void +p11_fixture (void (* setup) (void *), + void (* teardown) (void *)) +{ + test_item item; + + item.type = FIXTURE; + item.x.fix.setup = setup; + item.x.fix.teardown = teardown; + + test_push (&item); +} + +int +p11_test_run (int argc, + char **argv) +{ + test_item *fixture = NULL; + test_item *item; + test_item *next; + int count; + int ret = 0; + + /* p11-kit specific stuff */ + putenv ("P11_KIT_STRICT=1"); + p11_debug_init (); + + assert (gl.number == 0); + gl.last = NULL; + + for (item = gl.suite, count = 0; item != NULL; item = item->next) { + if (item->type == TEST) + count++; + } + + if (count == 0) { + printf ("1..0 # No tests\n"); + return 0; + } + + printf ("1..%d\n", count); + + for (item = gl.suite, gl.number = 0; item != NULL; item = item->next) { + if (item->type == FIXTURE) { + fixture = item; + continue; + } + + assert (item->type == TEST); + gl.last = item; + gl.number++; + + if (setjmp (gl.jump) == 0) { + if (fixture && fixture->x.fix.setup) + (fixture->x.fix.setup) (item->x.test.argument); + + assert (item->x.test.func); + (item->x.test.func)(item->x.test.argument); + + if (fixture && fixture->x.fix.teardown) + (fixture->x.fix.teardown) (item->x.test.argument); + + printf ("ok %d %s\n", gl.number, item->x.test.name); + } + + gl.last = NULL; + } + + for (item = gl.suite; item != NULL; item = next) { + if (item->type == TEST) { + if (item->x.test.failed) + ret++; + } + + next = item->next; + free (item); + } + + gl.suite = NULL; + gl.last = 0; + gl.number = 0; + return ret; +} diff --git a/common/test.h b/common/test.h new file mode 100644 index 0000000..1da3608 --- /dev/null +++ b/common/test.h @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2013, Red Hat Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * * Redistributions in binary form must reproduce the + * above copyright notice, this list of conditions and + * the following disclaimer in the documentation and/or + * other materials provided with the distribution. + * * The names of contributors to this software may not be + * used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF + * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH + * DAMAGE. + * + * Author: Stef Walter + */ + +#include "compat.h" + +#ifndef P11_TEST_H_ +#define P11_TEST_H_ + +#ifndef P11_TEST_SOURCE + +#include + +#ifdef assert_not_reached +#undef assert_not_reached +#endif + +#ifdef assert +#undef assert +#endif + +#define assert(expr) \ + assert_true(expr) +#define assert_true(expr) \ + do { if (expr) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s)", #expr); \ + } while (0) +#define assert_false(expr) \ + do { if (expr) \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (!(%s))", #expr); \ + } while (0) +#define assert_fail(msg, detail) \ + do { const char *__s = (detail); \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "%s%s%s", (msg), __s ? ": ": "", __s ? __s : ""); \ + } while (0) +#define assert_not_reached(msg) \ + do { \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "code should not be reached"); \ + } while (0) +#define assert_ptr_not_null(ptr) \ + do { if ((ptr) != NULL) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s != NULL)", #ptr); \ + } while (0) +#define assert_num_cmp(a1, cmp, a2) \ + do { unsigned long __n1 = (a1); \ + unsigned long __n2 = (a2); \ + if (__n1 cmp __n2) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%lu %s %lu)", \ + #a1, #cmp, #a2, __n1, #cmp, __n2); \ + } while (0) +#define assert_num_eq(a1, a2) \ + assert_num_cmp(a1, ==, a2) +#define assert_str_cmp(a1, cmp, a2) \ + do { const char *__s1 = (a1); \ + const char *__s2 = (a2); \ + if (__s1 && __s2 && strcmp (__s1, __s2) cmp 0) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s %s %s): (%s %s %s)", \ + #a1, #cmp, #a2, __s1 ? __s1 : "(null)", #cmp, __s2 ? __s2 : "(null)"); \ + } while (0) +#define assert_str_eq(a1, a2) \ + assert_str_cmp(a1, ==, a2) +#define assert_ptr_eq(a1, a2) \ + do { const void *__p1 = (a1); \ + const void *__p2 = (a2); \ + if (__p1 == __p2) ; else \ + p11_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s == %s): (0x%08lx == 0x%08lx)", \ + #a1, #a2, (unsigned long)(size_t)__p1, (unsigned long)(size_t)__p2); \ + } while (0) + +#define assert_str_contains(expr, needle) \ + do { const char *__str = (expr); \ + if (__str && strstr (__str, needle)) ; else \ + p1_test_fail (__FILE__, __LINE__, __FUNCTION__, "assertion failed (%s): '%s' does not contain '%s'", \ + #expr, __str, needle); \ + } while (0) + +#endif /* !P11_TEST_SOURCE */ + + +void p11_test_fail (const char *filename, + int line, + const char *function, + const char *message, + ...) GNUC_PRINTF(4, 5); + +void p11_test (void (* function) (void), + const char *name, + ...) GNUC_PRINTF(2, 3); + +void p11_testx (void (* function) (void *), + void *argument, + const char *name, + ...) GNUC_PRINTF(3, 4); + +void p11_fixture (void (* setup) (void *), + void (* teardown) (void *)); + +int p11_test_run (int argc, + char **argv); + +#endif /* P11_TEST_H_ */ diff --git a/common/tests/Makefile.am b/common/tests/Makefile.am index 6959c4f..942bc12 100644 --- a/common/tests/Makefile.am +++ b/common/tests/Makefile.am @@ -3,11 +3,11 @@ include $(top_srcdir)/build/Makefile.tests COMMON = $(top_srcdir)/common -INCLUDES = \ +AM_CPPFLAGS = \ -I$(top_srcdir) \ -I$(srcdir)/.. \ -I$(COMMON) \ - $(CUTEST_CFLAGS) + $(TEST_CFLAGS) LDADD = \ $(NULL) @@ -34,7 +34,7 @@ LDADD += \ $(LIBTASN1_LIBS) \ $(NULL) -INCLUDES += \ +AM_CPPFLAGS += \ $(LIBTASN1_CFLAGS) \ $(NULL) @@ -61,5 +61,6 @@ endif # WITH_ASN1 TESTS = $(CHECK_PROGS) LDADD += \ + $(top_builddir)/common/libp11-test.la \ $(top_builddir)/common/libp11-common.la \ $(CUTEST_LIBS) diff --git a/common/tests/Makefile.in b/common/tests/Makefile.in index 4005049..22cca65 100644 --- a/common/tests/Makefile.in +++ b/common/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,51 +15,23 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -151,7 +123,8 @@ am__DEPENDENCIES_1 = @WITH_ASN1_TRUE@ $(top_builddir)/common/libp11-data.la \ @WITH_ASN1_TRUE@ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) frob_cert_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -160,98 +133,116 @@ frob_eku_SOURCES = frob-eku.c frob_eku_OBJECTS = frob-eku.$(OBJEXT) frob_eku_LDADD = $(LDADD) frob_eku_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la frob_ku_SOURCES = frob-ku.c frob_ku_OBJECTS = frob-ku.$(OBJEXT) frob_ku_LDADD = $(LDADD) frob_ku_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la frob_oid_SOURCES = frob-oid.c frob_oid_OBJECTS = frob-oid.$(OBJEXT) frob_oid_LDADD = $(LDADD) frob_oid_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_array_SOURCES = test-array.c test_array_OBJECTS = test-array.$(OBJEXT) test_array_LDADD = $(LDADD) test_array_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_asn1_SOURCES = test-asn1.c test_asn1_OBJECTS = test-asn1.$(OBJEXT) test_asn1_LDADD = $(LDADD) test_asn1_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_attrs_SOURCES = test-attrs.c test_attrs_OBJECTS = test-attrs.$(OBJEXT) test_attrs_LDADD = $(LDADD) test_attrs_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_base64_SOURCES = test-base64.c test_base64_OBJECTS = test-base64.$(OBJEXT) test_base64_LDADD = $(LDADD) test_base64_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_buffer_SOURCES = test-buffer.c test_buffer_OBJECTS = test-buffer.$(OBJEXT) test_buffer_LDADD = $(LDADD) test_buffer_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_compat_SOURCES = test-compat.c test_compat_OBJECTS = test-compat.$(OBJEXT) test_compat_LDADD = $(LDADD) test_compat_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_constants_SOURCES = test-constants.c test_constants_OBJECTS = test-constants.$(OBJEXT) test_constants_LDADD = $(LDADD) test_constants_DEPENDENCIES = $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_2) $(top_builddir)/common/libp11-common.la \ - $(CUTEST_LIBS) + $(am__DEPENDENCIES_2) $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_dict_SOURCES = test-dict.c test_dict_OBJECTS = test-dict.$(OBJEXT) test_dict_LDADD = $(LDADD) test_dict_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_hash_SOURCES = test-hash.c test_hash_OBJECTS = test-hash.$(OBJEXT) test_hash_LDADD = $(LDADD) test_hash_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_lexer_SOURCES = test-lexer.c test_lexer_OBJECTS = test-lexer.$(OBJEXT) test_lexer_LDADD = $(LDADD) test_lexer_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_oid_SOURCES = test-oid.c test_oid_OBJECTS = test-oid.$(OBJEXT) test_oid_LDADD = $(LDADD) test_oid_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_path_SOURCES = test-path.c test_path_OBJECTS = test-path.$(OBJEXT) test_path_LDADD = $(LDADD) test_path_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_pem_SOURCES = test-pem.c test_pem_OBJECTS = test-pem.$(OBJEXT) test_pem_LDADD = $(LDADD) test_pem_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_url_SOURCES = test-url.c test_url_OBJECTS = test-url.$(OBJEXT) test_url_LDADD = $(LDADD) test_url_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_utf8_SOURCES = test-utf8.c test_utf8_OBJECTS = test-utf8.$(OBJEXT) test_utf8_LDADD = $(LDADD) test_utf8_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la test_x509_SOURCES = test-x509.c test_x509_OBJECTS = test-x509.$(OBJEXT) test_x509_LDADD = $(LDADD) test_x509_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ - $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) + $(top_builddir)/common/libp11-test.la \ + $(top_builddir)/common/libp11-common.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -571,6 +562,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -684,19 +677,18 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ with_trust_paths = @with_trust_paths@ NULL = -CUTEST_CFLAGS = \ - -I$(top_srcdir)/build/cutest \ +TEST_CFLAGS = \ -DSRCDIR=\"$(abs_srcdir)\" \ -DBUILDDIR=\"$(abs_builddir)\" \ -DP11_KIT_FUTURE_UNSTABLE_API -CUTEST_LIBS = $(top_builddir)/build/libcutest.la MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet --trace-children=yes LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes +HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind COMMON = $(top_srcdir)/common -INCLUDES = -I$(top_srcdir) -I$(srcdir)/.. -I$(COMMON) $(CUTEST_CFLAGS) \ - $(am__append_2) -LDADD = $(NULL) $(am__append_1) \ +AM_CPPFLAGS = -I$(top_srcdir) -I$(srcdir)/.. -I$(COMMON) \ + $(TEST_CFLAGS) $(am__append_2) +LDADD = $(NULL) $(am__append_1) $(top_builddir)/common/libp11-test.la \ $(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) CHECK_PROGS = test-compat test-hash test-dict test-array \ test-constants test-attrs test-buffer test-url test-path \ @@ -745,83 +737,63 @@ clean-noinstPROGRAMS: list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list - frob-cert$(EXEEXT): $(frob_cert_OBJECTS) $(frob_cert_DEPENDENCIES) $(EXTRA_frob_cert_DEPENDENCIES) @rm -f frob-cert$(EXEEXT) $(AM_V_CCLD)$(LINK) $(frob_cert_OBJECTS) $(frob_cert_LDADD) $(LIBS) - frob-eku$(EXEEXT): $(frob_eku_OBJECTS) $(frob_eku_DEPENDENCIES) $(EXTRA_frob_eku_DEPENDENCIES) @rm -f frob-eku$(EXEEXT) $(AM_V_CCLD)$(LINK) $(frob_eku_OBJECTS) $(frob_eku_LDADD) $(LIBS) - frob-ku$(EXEEXT): $(frob_ku_OBJECTS) $(frob_ku_DEPENDENCIES) $(EXTRA_frob_ku_DEPENDENCIES) @rm -f frob-ku$(EXEEXT) $(AM_V_CCLD)$(LINK) $(frob_ku_OBJECTS) $(frob_ku_LDADD) $(LIBS) - frob-oid$(EXEEXT): $(frob_oid_OBJECTS) $(frob_oid_DEPENDENCIES) $(EXTRA_frob_oid_DEPENDENCIES) @rm -f frob-oid$(EXEEXT) $(AM_V_CCLD)$(LINK) $(frob_oid_OBJECTS) $(frob_oid_LDADD) $(LIBS) - test-array$(EXEEXT): $(test_array_OBJECTS) $(test_array_DEPENDENCIES) $(EXTRA_test_array_DEPENDENCIES) @rm -f test-array$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_array_OBJECTS) $(test_array_LDADD) $(LIBS) - test-asn1$(EXEEXT): $(test_asn1_OBJECTS) $(test_asn1_DEPENDENCIES) $(EXTRA_test_asn1_DEPENDENCIES) @rm -f test-asn1$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_asn1_OBJECTS) $(test_asn1_LDADD) $(LIBS) - test-attrs$(EXEEXT): $(test_attrs_OBJECTS) $(test_attrs_DEPENDENCIES) $(EXTRA_test_attrs_DEPENDENCIES) @rm -f test-attrs$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_attrs_OBJECTS) $(test_attrs_LDADD) $(LIBS) - test-base64$(EXEEXT): $(test_base64_OBJECTS) $(test_base64_DEPENDENCIES) $(EXTRA_test_base64_DEPENDENCIES) @rm -f test-base64$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_base64_OBJECTS) $(test_base64_LDADD) $(LIBS) - test-buffer$(EXEEXT): $(test_buffer_OBJECTS) $(test_buffer_DEPENDENCIES) $(EXTRA_test_buffer_DEPENDENCIES) @rm -f test-buffer$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_buffer_OBJECTS) $(test_buffer_LDADD) $(LIBS) - test-compat$(EXEEXT): $(test_compat_OBJECTS) $(test_compat_DEPENDENCIES) $(EXTRA_test_compat_DEPENDENCIES) @rm -f test-compat$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_compat_OBJECTS) $(test_compat_LDADD) $(LIBS) - test-constants$(EXEEXT): $(test_constants_OBJECTS) $(test_constants_DEPENDENCIES) $(EXTRA_test_constants_DEPENDENCIES) @rm -f test-constants$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_constants_OBJECTS) $(test_constants_LDADD) $(LIBS) - test-dict$(EXEEXT): $(test_dict_OBJECTS) $(test_dict_DEPENDENCIES) $(EXTRA_test_dict_DEPENDENCIES) @rm -f test-dict$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_dict_OBJECTS) $(test_dict_LDADD) $(LIBS) - test-hash$(EXEEXT): $(test_hash_OBJECTS) $(test_hash_DEPENDENCIES) $(EXTRA_test_hash_DEPENDENCIES) @rm -f test-hash$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_hash_OBJECTS) $(test_hash_LDADD) $(LIBS) - test-lexer$(EXEEXT): $(test_lexer_OBJECTS) $(test_lexer_DEPENDENCIES) $(EXTRA_test_lexer_DEPENDENCIES) @rm -f test-lexer$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_lexer_OBJECTS) $(test_lexer_LDADD) $(LIBS) - test-oid$(EXEEXT): $(test_oid_OBJECTS) $(test_oid_DEPENDENCIES) $(EXTRA_test_oid_DEPENDENCIES) @rm -f test-oid$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_oid_OBJECTS) $(test_oid_LDADD) $(LIBS) - test-path$(EXEEXT): $(test_path_OBJECTS) $(test_path_DEPENDENCIES) $(EXTRA_test_path_DEPENDENCIES) @rm -f test-path$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_path_OBJECTS) $(test_path_LDADD) $(LIBS) - test-pem$(EXEEXT): $(test_pem_OBJECTS) $(test_pem_DEPENDENCIES) $(EXTRA_test_pem_DEPENDENCIES) @rm -f test-pem$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_pem_OBJECTS) $(test_pem_LDADD) $(LIBS) - test-url$(EXEEXT): $(test_url_OBJECTS) $(test_url_DEPENDENCIES) $(EXTRA_test_url_DEPENDENCIES) @rm -f test-url$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_url_OBJECTS) $(test_url_LDADD) $(LIBS) - test-utf8$(EXEEXT): $(test_utf8_OBJECTS) $(test_utf8_DEPENDENCIES) $(EXTRA_test_utf8_DEPENDENCIES) @rm -f test-utf8$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_utf8_OBJECTS) $(test_utf8_LDADD) $(LIBS) - test-x509$(EXEEXT): $(test_x509_OBJECTS) $(test_x509_DEPENDENCIES) $(EXTRA_test_x509_DEPENDENCIES) @rm -f test-x509$(EXEEXT) $(AM_V_CCLD)$(LINK) $(test_x509_OBJECTS) $(test_x509_LDADD) $(LIBS) @@ -941,7 +913,7 @@ distclean-tags: $(MAKE) $(AM_MAKEFLAGS) $< # Leading 'am--fnord' is there to ensure the list of targets does not -# expand to empty, as could happen e.g. with make check TESTS=''. +# exand to empty, as could happen e.g. with make check TESTS=''. am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) am--force-recheck: @: @@ -1362,6 +1334,9 @@ memcheck: all leakcheck: all make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS +hellcheck: all + make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/common/tests/test-array.c b/common/tests/test-array.c index a796365..8e8f996 100644 --- a/common/tests/test-array.c +++ b/common/tests/test-array.c @@ -33,26 +33,26 @@ */ #include "config.h" -#include "CuTest.h" #include #include #include #include "array.h" +#include "test.h" static void -test_p11_array_create (CuTest *tc) +test_create (void) { p11_array *array; array = p11_array_new (NULL); - CuAssertPtrNotNull (tc, array); + assert_ptr_not_null (array); p11_array_free (array); } static void -test_p11_array_free_null (CuTest *tc) +test_free_null (void) { p11_array_free (NULL); } @@ -65,81 +65,81 @@ destroy_value (void *data) } static void -test_p11_array_free_destroys (CuTest *tc) +test_free_destroys (void) { p11_array *array; int value = 0; array = p11_array_new (destroy_value); - CuAssertPtrNotNull (tc, array); + assert_ptr_not_null (array); if (!p11_array_push (array, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); p11_array_free (array); - CuAssertIntEquals (tc, 2, value); + assert_num_eq (2, value); } static void -test_p11_array_add (CuTest *tc) +test_add (void) { char *value = "VALUE"; p11_array *array; array = p11_array_new (NULL); if (!p11_array_push (array, value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); - CuAssertIntEquals (tc, 1, array->num); - CuAssertPtrEquals (tc, array->elem[0], value); + assert_num_eq (1, array->num); + assert_ptr_eq (array->elem[0], value); p11_array_free (array); } static void -test_p11_array_add_remove (CuTest *tc) +test_add_remove (void) { char *value = "VALUE"; p11_array *array; array = p11_array_new (NULL); if (!p11_array_push (array, value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); - CuAssertIntEquals (tc, 1, array->num); + assert_num_eq (1, array->num); - CuAssertPtrEquals (tc, array->elem[0], value); + assert_ptr_eq (array->elem[0], value); p11_array_remove (array, 0); - CuAssertIntEquals (tc, 0, array->num); + assert_num_eq (0, array->num); p11_array_free (array); } static void -test_p11_array_remove_destroys (CuTest *tc) +test_remove_destroys (void) { p11_array *array; int value = 0; array = p11_array_new (destroy_value); if (!p11_array_push (array, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); p11_array_remove (array, 0); - CuAssertIntEquals (tc, 2, value); + assert_num_eq (2, value); /* should not be destroyed again */ value = 0; p11_array_free (array); - CuAssertIntEquals (tc, 0, value); + assert_num_eq (0, value); } static void -test_p11_array_remove_and_count (CuTest *tc) +test_remove_and_count (void) { p11_array *array; int *value; @@ -147,75 +147,62 @@ test_p11_array_remove_and_count (CuTest *tc) array = p11_array_new (free); - CuAssertIntEquals (tc, 0, array->num); + assert_num_eq (0, array->num); for (i = 0; i < 20000; ++i) { value = malloc (sizeof (int)); *value = i; if (!p11_array_push (array, value)) - CuFail (tc, "should not be reached"); - CuAssertIntEquals (tc, i + 1, array->num); + assert_not_reached (); + assert_num_eq (i + 1, array->num); } for (i = 10; i < 20000; ++i) { p11_array_remove (array, 10); - CuAssertIntEquals (tc, 20010 - (i + 1), array->num); + assert_num_eq (20010 - (i + 1), array->num); } - CuAssertIntEquals (tc, 10, array->num); + assert_num_eq (10, array->num); p11_array_free (array); } static void -test_p11_array_clear_destroys (CuTest *tc) +test_clear_destroys (void) { p11_array *array; int value = 0; array = p11_array_new (destroy_value); if (!p11_array_push (array, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); - CuAssertIntEquals (tc, 1, array->num); + assert_num_eq (1, array->num); p11_array_clear (array); - CuAssertIntEquals (tc, 2, value); - CuAssertIntEquals (tc, 0, array->num); + assert_num_eq (2, value); + assert_num_eq (0, array->num); /* should not be destroyed again */ value = 0; p11_array_free (array); - CuAssertIntEquals (tc, 0, value); + assert_num_eq (0, value); } - int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_p11_array_create); - SUITE_ADD_TEST (suite, test_p11_array_add); - SUITE_ADD_TEST (suite, test_p11_array_add_remove); - SUITE_ADD_TEST (suite, test_p11_array_remove_destroys); - SUITE_ADD_TEST (suite, test_p11_array_remove_and_count); - SUITE_ADD_TEST (suite, test_p11_array_free_null); - SUITE_ADD_TEST (suite, test_p11_array_free_destroys); - SUITE_ADD_TEST (suite, test_p11_array_clear_destroys); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_create, "/array/create"); + p11_test (test_add, "/array/add"); + p11_test (test_add_remove, "/array/add-remove"); + p11_test (test_remove_destroys, "/array/remove-destroys"); + p11_test (test_remove_and_count, "/array/remove-and-count"); + p11_test (test_free_null, "/array/free-null"); + p11_test (test_free_destroys, "/array/free-destroys"); + p11_test (test_clear_destroys, "/array/clear-destroys"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-asn1.c b/common/tests/test-asn1.c index 0335fa6..710928c 100644 --- a/common/tests/test-asn1.c +++ b/common/tests/test-asn1.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include "asn1.h" #include "debug.h" @@ -49,21 +49,21 @@ struct { } test; static void -setup (CuTest *cu) +setup (void *unused) { test.asn1_defs = p11_asn1_defs_load (); - CuAssertPtrNotNull (cu, test.asn1_defs); + assert_ptr_not_null (test.asn1_defs); } static void -teardown (CuTest *cu) +teardown (void *unused) { p11_dict_free (test.asn1_defs); memset (&test, 0, sizeof (test)); } static void -test_tlv_length (CuTest *cu) +test_tlv_length (void) { struct { const char *der; @@ -79,14 +79,10 @@ test_tlv_length (CuTest *cu) int length; int i; - setup (cu); - for (i = 0; tlv_lengths[i].der != NULL; i++) { length = p11_asn1_tlv_length ((const unsigned char *)tlv_lengths[i].der, tlv_lengths[i].der_len); - CuAssertIntEquals (cu, tlv_lengths[i].expected, length); + assert_num_eq (tlv_lengths[i].expected, length); } - - teardown (cu); } static const unsigned char test_eku_server_and_client[] = { @@ -95,7 +91,7 @@ static const unsigned char test_eku_server_and_client[] = { }; static void -test_asn1_cache (CuTest *cu) +test_asn1_cache (void) { p11_asn1_cache *cache; p11_dict *defs; @@ -103,15 +99,15 @@ test_asn1_cache (CuTest *cu) node_asn *check; cache = p11_asn1_cache_new (); - CuAssertPtrNotNull (cu, cache); + assert_ptr_not_null (cache); defs = p11_asn1_cache_defs (cache); - CuAssertPtrNotNull (cu, defs); + assert_ptr_not_null (defs); asn = p11_asn1_decode (defs, "PKIX1.ExtKeyUsageSyntax", test_eku_server_and_client, sizeof (test_eku_server_and_client), NULL); - CuAssertPtrNotNull (cu, defs); + assert_ptr_not_null (defs); /* Place the parsed data in the cache */ p11_asn1_cache_take (cache, asn, "PKIX1.ExtKeyUsageSyntax", @@ -122,38 +118,27 @@ test_asn1_cache (CuTest *cu) check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", test_eku_server_and_client, sizeof (test_eku_server_and_client)); - CuAssertPtrEquals (cu, asn, check); + assert_ptr_eq (asn, check); /* Flush should remove it */ p11_asn1_cache_flush (cache); check = p11_asn1_cache_get (cache, "PKIX1.ExtKeyUsageSyntax", test_eku_server_and_client, sizeof (test_eku_server_and_client)); - CuAssertPtrEquals (cu, NULL, check); + assert_ptr_eq (NULL, check); p11_asn1_cache_free (cache); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_tlv_length); - SUITE_ADD_TEST (suite, test_asn1_cache); + p11_fixture (setup, teardown); + p11_test (test_tlv_length, "/asn1/tlv_length"); - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); + p11_fixture (NULL, NULL); + p11_test (test_asn1_cache, "/asn1/asn1_cache"); - return ret; + return p11_test_run (argc, argv); } diff --git a/common/tests/test-attrs.c b/common/tests/test-attrs.c index 324ed90..6087191 100644 --- a/common/tests/test-attrs.c +++ b/common/tests/test-attrs.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -43,7 +43,7 @@ #include "debug.h" static void -test_terminator (CuTest *tc) +test_terminator (void) { CK_ATTRIBUTE attrs[] = { { CKA_LABEL, "label", 5 }, @@ -51,14 +51,14 @@ test_terminator (CuTest *tc) { CKA_INVALID }, }; - CuAssertIntEquals (tc, true, p11_attrs_terminator (attrs + 2)); - CuAssertIntEquals (tc, true, p11_attrs_terminator (NULL)); - CuAssertIntEquals (tc, false, p11_attrs_terminator (attrs)); - CuAssertIntEquals (tc, false, p11_attrs_terminator (attrs + 1)); + assert_num_eq (true, p11_attrs_terminator (attrs + 2)); + assert_num_eq (true, p11_attrs_terminator (NULL)); + assert_num_eq (false, p11_attrs_terminator (attrs)); + assert_num_eq (false, p11_attrs_terminator (attrs + 1)); } static void -test_count (CuTest *tc) +test_count (void) { CK_BBOOL vtrue = CK_TRUE; @@ -72,13 +72,13 @@ test_count (CuTest *tc) { CKA_INVALID }, }; - CuAssertIntEquals (tc, 2, p11_attrs_count (attrs)); - CuAssertIntEquals (tc, 0, p11_attrs_count (NULL)); - CuAssertIntEquals (tc, 0, p11_attrs_count (empty)); + assert_num_eq (2, p11_attrs_count (attrs)); + assert_num_eq (0, p11_attrs_count (NULL)); + assert_num_eq (0, p11_attrs_count (empty)); } static void -test_build_one (CuTest *tc) +test_build_one (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; @@ -86,18 +86,18 @@ test_build_one (CuTest *tc) attrs = p11_attrs_build (NULL, &add, NULL); /* Test the first attribute */ - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs->type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs->ulValueLen); - CuAssertTrue (tc, memcmp (attrs->pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); - CuAssertTrue (tc, attrs[1].type == CKA_INVALID); + assert (attrs[1].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_build_two (CuTest *tc) +test_build_two (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; @@ -105,23 +105,23 @@ test_build_two (CuTest *tc) attrs = p11_attrs_build (NULL, &one, &two, NULL); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[0].type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs[0].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[0].pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 5, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "eight", 5) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - CuAssertTrue (tc, attrs[2].type == CKA_INVALID); + assert (attrs[2].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_build_invalid (CuTest *tc) +test_build_invalid (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; @@ -130,23 +130,23 @@ test_build_invalid (CuTest *tc) attrs = p11_attrs_build (NULL, &one, &invalid, &two, NULL); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[0].type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs[0].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[0].pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 5, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "eight", 5) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - CuAssertTrue (tc, attrs[2].type == CKA_INVALID); + assert (attrs[2].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_buildn_two (CuTest *tc) +test_buildn_two (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE add[] = { @@ -157,23 +157,23 @@ test_buildn_two (CuTest *tc) attrs = p11_attrs_buildn (NULL, add, 2); /* Test the first attribute */ - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs->type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs->ulValueLen); - CuAssertTrue (tc, memcmp (attrs->pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 5, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "eight", 5) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - CuAssertTrue (tc, attrs[2].type == CKA_INVALID); + assert (attrs[2].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_buildn_one (CuTest *tc) +test_buildn_one (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE add = { CKA_LABEL, "yay", 3 }; @@ -181,18 +181,18 @@ test_buildn_one (CuTest *tc) attrs = p11_attrs_buildn (NULL, &add, 1); /* Test the first attribute */ - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs->type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs->ulValueLen); - CuAssertTrue (tc, memcmp (attrs->pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); - CuAssertTrue (tc, attrs[1].type == CKA_INVALID); + assert (attrs[1].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_build_add (CuTest *tc) +test_build_add (void) { CK_ATTRIBUTE initial[] = { { CKA_LABEL, "label", 5 }, @@ -206,28 +206,28 @@ test_build_add (CuTest *tc) attrs = p11_attrs_buildn (NULL, initial, 2); attrs = p11_attrs_build (attrs, &one, &two, NULL); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[0].type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs[0].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[0].pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (3, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "yay", 3) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 4, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "nine", 4) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[2].type == CKA_TOKEN); - CuAssertIntEquals (tc, 1, attrs[2].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[2].pValue, "\x01", 1) == 0); + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_TOKEN); + assert_num_eq (1, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); - CuAssertTrue (tc, attrs[3].type == CKA_INVALID); + assert (attrs[3].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_build_null (CuTest *tc) +test_build_null (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE add = { CKA_LABEL, NULL, (CK_ULONG)-1 }; @@ -235,16 +235,16 @@ test_build_null (CuTest *tc) attrs = p11_attrs_build (NULL, &add, NULL); /* Test the first attribute */ - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs->type == CKA_LABEL); - CuAssertTrue (tc, attrs->ulValueLen == (CK_ULONG)-1); - CuAssertPtrEquals (tc, NULL, attrs->pValue); + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert (attrs->ulValueLen == (CK_ULONG)-1); + assert_ptr_eq (NULL, attrs->pValue); p11_attrs_free (attrs); } static void -test_dup (CuTest *tc) +test_dup (void) { CK_ATTRIBUTE *attrs; CK_ATTRIBUTE original[] = { @@ -256,23 +256,23 @@ test_dup (CuTest *tc) attrs = p11_attrs_dup (original); /* Test the first attribute */ - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs->type == CKA_LABEL); - CuAssertIntEquals (tc, 3, attrs->ulValueLen); - CuAssertTrue (tc, memcmp (attrs->pValue, "yay", 3) == 0); + assert_ptr_not_null (attrs); + assert (attrs->type == CKA_LABEL); + assert_num_eq (3, attrs->ulValueLen); + assert (memcmp (attrs->pValue, "yay", 3) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 5, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "eight", 5) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (5, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "eight", 5) == 0); - CuAssertTrue (tc, attrs[2].type == CKA_INVALID); + assert (attrs[2].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_take (CuTest *tc) +test_take (void) { CK_ATTRIBUTE initial[] = { { CKA_LABEL, "label", 5 }, @@ -284,30 +284,30 @@ test_take (CuTest *tc) attrs = p11_attrs_buildn (NULL, initial, 2); attrs = p11_attrs_take (attrs, CKA_LABEL, strdup ("boooyah"), 7); attrs = p11_attrs_take (attrs, CKA_TOKEN, strdup ("\x01"), 1); - CuAssertPtrNotNull (tc, attrs); + assert_ptr_not_null (attrs); - CuAssertTrue (tc, attrs[0].type == CKA_LABEL); - CuAssertIntEquals (tc, 7, attrs[0].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[0].pValue, "boooyah", 7) == 0); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 4, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "nine", 4) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[2].type == CKA_TOKEN); - CuAssertIntEquals (tc, 1, attrs[2].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[2].pValue, "\x01", 1) == 0); + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_TOKEN); + assert_num_eq (1, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "\x01", 1) == 0); - CuAssertTrue (tc, attrs[3].type == CKA_INVALID); + assert (attrs[3].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_merge_replace (CuTest *tc) +test_merge_replace (void) { CK_ATTRIBUTE initial[] = { { CKA_LABEL, "label", 5 }, @@ -325,29 +325,29 @@ test_merge_replace (CuTest *tc) attrs = p11_attrs_buildn (NULL, initial, 2); merge = p11_attrs_buildn (NULL, extra, 2); attrs = p11_attrs_merge (attrs, merge, true); - CuAssertPtrNotNull (tc, attrs); + assert_ptr_not_null (attrs); - CuAssertTrue (tc, attrs[0].type == CKA_LABEL); - CuAssertIntEquals (tc, 7, attrs[0].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[0].pValue, "boooyah", 7) == 0); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (7, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "boooyah", 7) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 4, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "nine", 4) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[2].type == CKA_APPLICATION); - CuAssertIntEquals (tc, 5, attrs[2].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[2].pValue, "disco", 5) == 0); + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_APPLICATION); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "disco", 5) == 0); - CuAssertTrue (tc, attrs[3].type == CKA_INVALID); + assert (attrs[3].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_merge_empty (CuTest *tc) +test_merge_empty (void) { CK_ATTRIBUTE extra[] = { { CKA_LABEL, "boooyah", 7 }, @@ -359,14 +359,14 @@ test_merge_empty (CuTest *tc) merge = p11_attrs_buildn (NULL, extra, 2); attrs = p11_attrs_merge (attrs, merge, true); - CuAssertPtrNotNull (tc, attrs); - CuAssertPtrEquals (tc, merge, attrs); + assert_ptr_not_null (attrs); + assert_ptr_eq (merge, attrs); p11_attrs_free (attrs); } static void -test_merge_augment (CuTest *tc) +test_merge_augment (void) { CK_ATTRIBUTE initial[] = { { CKA_LABEL, "label", 5 }, @@ -384,35 +384,35 @@ test_merge_augment (CuTest *tc) attrs = p11_attrs_buildn (NULL, initial, 2); merge = p11_attrs_buildn (NULL, extra, 2); attrs = p11_attrs_merge (attrs, merge, false); - CuAssertPtrNotNull (tc, attrs); + assert_ptr_not_null (attrs); - CuAssertTrue (tc, attrs[0].type == CKA_LABEL); - CuAssertIntEquals (tc, 5, attrs[0].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[0].pValue, "label", 5) == 0); + assert (attrs[0].type == CKA_LABEL); + assert_num_eq (5, attrs[0].ulValueLen); + assert (memcmp (attrs[0].pValue, "label", 5) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[1].type == CKA_VALUE); - CuAssertIntEquals (tc, 4, attrs[1].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[1].pValue, "nine", 4) == 0); + assert_ptr_not_null (attrs); + assert (attrs[1].type == CKA_VALUE); + assert_num_eq (4, attrs[1].ulValueLen); + assert (memcmp (attrs[1].pValue, "nine", 4) == 0); - CuAssertPtrNotNull (tc, attrs); - CuAssertTrue (tc, attrs[2].type == CKA_APPLICATION); - CuAssertIntEquals (tc, 5, attrs[2].ulValueLen); - CuAssertTrue (tc, memcmp (attrs[2].pValue, "disco", 5) == 0); + assert_ptr_not_null (attrs); + assert (attrs[2].type == CKA_APPLICATION); + assert_num_eq (5, attrs[2].ulValueLen); + assert (memcmp (attrs[2].pValue, "disco", 5) == 0); - CuAssertTrue (tc, attrs[3].type == CKA_INVALID); + assert (attrs[3].type == CKA_INVALID); p11_attrs_free (attrs); } static void -test_free_null (CuTest *tc) +test_free_null (void) { p11_attrs_free (NULL); } static void -test_equal (CuTest *tc) +test_equal (void) { char *data = "extra attribute"; CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; @@ -422,19 +422,19 @@ test_equal (CuTest *tc) CK_ATTRIBUTE overflow = { CKA_VALUE, data, 5 }; CK_ATTRIBUTE content = { CKA_VALUE, "conte", 5 }; - CuAssertTrue (tc, p11_attr_equal (&one, &one)); - CuAssertTrue (tc, !p11_attr_equal (&one, NULL)); - CuAssertTrue (tc, !p11_attr_equal (NULL, &one)); - CuAssertTrue (tc, !p11_attr_equal (&one, &two)); - CuAssertTrue (tc, !p11_attr_equal (&two, &other)); - CuAssertTrue (tc, p11_attr_equal (&other, &overflow)); - CuAssertTrue (tc, !p11_attr_equal (&one, &null)); - CuAssertTrue (tc, !p11_attr_equal (&one, &null)); - CuAssertTrue (tc, !p11_attr_equal (&other, &content)); + assert (p11_attr_equal (&one, &one)); + assert (!p11_attr_equal (&one, NULL)); + assert (!p11_attr_equal (NULL, &one)); + assert (!p11_attr_equal (&one, &two)); + assert (!p11_attr_equal (&two, &other)); + assert (p11_attr_equal (&other, &overflow)); + assert (!p11_attr_equal (&one, &null)); + assert (!p11_attr_equal (&one, &null)); + assert (!p11_attr_equal (&other, &content)); } static void -test_hash (CuTest *tc) +test_hash (void) { char *data = "extra attribute"; CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; @@ -446,18 +446,18 @@ test_hash (CuTest *tc) unsigned int hash; hash = p11_attr_hash (&one); - CuAssertTrue (tc, hash != 0); - - CuAssertTrue (tc, p11_attr_hash (&one) == hash); - CuAssertTrue (tc, p11_attr_hash (&two) != hash); - CuAssertTrue (tc, p11_attr_hash (&other) != hash); - CuAssertTrue (tc, p11_attr_hash (&overflow) != hash); - CuAssertTrue (tc, p11_attr_hash (&null) != hash); - CuAssertTrue (tc, p11_attr_hash (&content) != hash); + assert (hash != 0); + + assert (p11_attr_hash (&one) == hash); + assert (p11_attr_hash (&two) != hash); + assert (p11_attr_hash (&other) != hash); + assert (p11_attr_hash (&overflow) != hash); + assert (p11_attr_hash (&null) != hash); + assert (p11_attr_hash (&content) != hash); } static void -test_to_string (CuTest *tc) +test_to_string (void) { char *data = "extra attribute"; CK_ATTRIBUTE one = { CKA_LABEL, "yay", 3 }; @@ -471,20 +471,20 @@ test_to_string (CuTest *tc) string = p11_attr_to_string (&one, CKA_INVALID); - CuAssertStrEquals (tc, "{ CKA_LABEL = (3) \"yay\" }", string); + assert_str_eq ("{ CKA_LABEL = (3) \"yay\" }", string); free (string); string = p11_attrs_to_string (attrs, -1); - CuAssertStrEquals (tc, "(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string); + assert_str_eq ("(2) [ { CKA_LABEL = (3) \"yay\" }, { CKA_VALUE = (5) NOT-PRINTED } ]", string); free (string); string = p11_attrs_to_string (attrs, 1); - CuAssertStrEquals (tc, "(1) [ { CKA_LABEL = (3) \"yay\" } ]", string); + assert_str_eq ("(1) [ { CKA_LABEL = (3) \"yay\" } ]", string); free (string); } static void -test_find (CuTest *tc) +test_find (void) { CK_BBOOL vtrue = CK_TRUE; CK_ATTRIBUTE *attr; @@ -496,17 +496,17 @@ test_find (CuTest *tc) }; attr = p11_attrs_find (attrs, CKA_LABEL); - CuAssertPtrEquals (tc, attrs + 0, attr); + assert_ptr_eq (attrs + 0, attr); attr = p11_attrs_find (attrs, CKA_TOKEN); - CuAssertPtrEquals (tc, attrs + 1, attr); + assert_ptr_eq (attrs + 1, attr); attr = p11_attrs_find (attrs, CKA_VALUE); - CuAssertPtrEquals (tc, NULL, attr); + assert_ptr_eq (NULL, attr); } static void -test_findn (CuTest *tc) +test_findn (void) { CK_BBOOL vtrue = CK_TRUE; CK_ATTRIBUTE *attr; @@ -517,20 +517,20 @@ test_findn (CuTest *tc) }; attr = p11_attrs_findn (attrs, 2, CKA_LABEL); - CuAssertPtrEquals (tc, attrs + 0, attr); + assert_ptr_eq (attrs + 0, attr); attr = p11_attrs_findn (attrs, 2, CKA_TOKEN); - CuAssertPtrEquals (tc, attrs + 1, attr); + assert_ptr_eq (attrs + 1, attr); attr = p11_attrs_findn (attrs, 2, CKA_VALUE); - CuAssertPtrEquals (tc, NULL, attr); + assert_ptr_eq (NULL, attr); attr = p11_attrs_findn (attrs, 1, CKA_TOKEN); - CuAssertPtrEquals (tc, NULL, attr); + assert_ptr_eq (NULL, attr); } static void -test_remove (CuTest *tc) +test_remove (void) { CK_BBOOL vtrue = CK_TRUE; CK_ATTRIBUTE *attr; @@ -543,25 +543,25 @@ test_remove (CuTest *tc) }; attrs = p11_attrs_buildn (NULL, initial, 2); - CuAssertPtrNotNull (tc, attrs); + assert_ptr_not_null (attrs); attr = p11_attrs_find (attrs, CKA_LABEL); - CuAssertPtrEquals (tc, attrs + 0, attr); + assert_ptr_eq (attrs + 0, attr); ret = p11_attrs_remove (attrs, CKA_LABEL); - CuAssertIntEquals (tc, CK_TRUE, ret); + assert_num_eq (CK_TRUE, ret); attr = p11_attrs_find (attrs, CKA_LABEL); - CuAssertPtrEquals (tc, NULL, attr); + assert_ptr_eq (NULL, attr); ret = p11_attrs_remove (attrs, CKA_LABEL); - CuAssertIntEquals (tc, CK_FALSE, ret); + assert_num_eq (CK_FALSE, ret); p11_attrs_free (attrs); } static void -test_match (CuTest *tc) +test_match (void) { CK_BBOOL vtrue = CK_TRUE; @@ -588,14 +588,14 @@ test_match (CuTest *tc) { CKA_INVALID }, }; - CuAssertTrue (tc, p11_attrs_match (attrs, attrs)); - CuAssertTrue (tc, p11_attrs_match (attrs, subset)); - CuAssertTrue (tc, !p11_attrs_match (attrs, different)); - CuAssertTrue (tc, !p11_attrs_match (attrs, extra)); + assert (p11_attrs_match (attrs, attrs)); + assert (p11_attrs_match (attrs, subset)); + assert (!p11_attrs_match (attrs, different)); + assert (!p11_attrs_match (attrs, extra)); } static void -test_matchn (CuTest *tc) +test_matchn (void) { CK_BBOOL vtrue = CK_TRUE; @@ -620,13 +620,13 @@ test_matchn (CuTest *tc) { CKA_TOKEN, &vtrue, sizeof (vtrue) }, }; - CuAssertTrue (tc, p11_attrs_matchn (attrs, subset, 1)); - CuAssertTrue (tc, !p11_attrs_matchn (attrs, different, 2)); - CuAssertTrue (tc, !p11_attrs_matchn (attrs, extra, 3)); + assert (p11_attrs_matchn (attrs, subset, 1)); + assert (!p11_attrs_matchn (attrs, different, 2)); + assert (!p11_attrs_matchn (attrs, extra, 3)); } static void -test_find_bool (CuTest *tc) +test_find_bool (void) { CK_BBOOL vtrue = CK_TRUE; CK_BBOOL vfalse = CK_FALSE; @@ -640,13 +640,13 @@ test_find_bool (CuTest *tc) { CKA_INVALID }, }; - CuAssertTrue (tc, p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE); - CuAssertTrue (tc, !p11_attrs_find_bool (attrs, CKA_LABEL, &value)); - CuAssertTrue (tc, !p11_attrs_find_bool (attrs, CKA_VALUE, &value)); + assert (p11_attrs_find_bool (attrs, CKA_TOKEN, &value) && value == CK_TRUE); + assert (!p11_attrs_find_bool (attrs, CKA_LABEL, &value)); + assert (!p11_attrs_find_bool (attrs, CKA_VALUE, &value)); } static void -test_find_ulong (CuTest *tc) +test_find_ulong (void) { CK_ULONG v33 = 33UL; CK_ULONG v45 = 45UL; @@ -660,13 +660,13 @@ test_find_ulong (CuTest *tc) { CKA_INVALID }, }; - CuAssertTrue (tc, p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33); - CuAssertTrue (tc, !p11_attrs_find_ulong (attrs, CKA_LABEL, &value)); - CuAssertTrue (tc, !p11_attrs_find_ulong (attrs, CKA_VALUE, &value)); + assert (p11_attrs_find_ulong (attrs, CKA_BITS_PER_PIXEL, &value) && value == v33); + assert (!p11_attrs_find_ulong (attrs, CKA_LABEL, &value)); + assert (!p11_attrs_find_ulong (attrs, CKA_VALUE, &value)); } static void -test_find_value (CuTest *tc) +test_find_value (void) { void *value; size_t length; @@ -681,21 +681,21 @@ test_find_value (CuTest *tc) }; value = p11_attrs_find_value (attrs, CKA_LABEL, &length); - CuAssertPtrEquals (tc, attrs[3].pValue, value); - CuAssertIntEquals (tc, 4, length); + assert_ptr_eq (attrs[3].pValue, value); + assert_num_eq (4, length); value = p11_attrs_find_value (attrs, CKA_LABEL, NULL); - CuAssertPtrEquals (tc, attrs[3].pValue, value); + assert_ptr_eq (attrs[3].pValue, value); value = p11_attrs_find_value (attrs, CKA_VALUE, &length); - CuAssertPtrEquals (tc, NULL, value); + assert_ptr_eq (NULL, value); value = p11_attrs_find_value (attrs, CKA_TOKEN, &length); - CuAssertPtrEquals (tc, NULL, value); + assert_ptr_eq (NULL, value); } static void -test_find_valid (CuTest *tc) +test_find_valid (void) { CK_ATTRIBUTE *attr; @@ -709,61 +709,46 @@ test_find_valid (CuTest *tc) }; attr = p11_attrs_find_valid (attrs, CKA_LABEL); - CuAssertPtrEquals (tc, attrs + 3, attr); + assert_ptr_eq (attrs + 3, attr); attr = p11_attrs_find_valid (attrs, CKA_VALUE); - CuAssertPtrEquals (tc, attrs + 4, attr); + assert_ptr_eq (attrs + 4, attr); attr = p11_attrs_find_valid (attrs, CKA_TOKEN); - CuAssertPtrEquals (tc, NULL, attr); + assert_ptr_eq (NULL, attr); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_equal); - SUITE_ADD_TEST (suite, test_hash); - SUITE_ADD_TEST (suite, test_to_string); - - SUITE_ADD_TEST (suite, test_terminator); - SUITE_ADD_TEST (suite, test_count); - SUITE_ADD_TEST (suite, test_build_one); - SUITE_ADD_TEST (suite, test_build_two); - SUITE_ADD_TEST (suite, test_build_invalid); - SUITE_ADD_TEST (suite, test_buildn_one); - SUITE_ADD_TEST (suite, test_buildn_two); - SUITE_ADD_TEST (suite, test_build_add); - SUITE_ADD_TEST (suite, test_build_null); - SUITE_ADD_TEST (suite, test_dup); - SUITE_ADD_TEST (suite, test_take); - SUITE_ADD_TEST (suite, test_merge_replace); - SUITE_ADD_TEST (suite, test_merge_augment); - SUITE_ADD_TEST (suite, test_merge_empty); - SUITE_ADD_TEST (suite, test_free_null); - SUITE_ADD_TEST (suite, test_match); - SUITE_ADD_TEST (suite, test_matchn); - SUITE_ADD_TEST (suite, test_find); - SUITE_ADD_TEST (suite, test_findn); - SUITE_ADD_TEST (suite, test_find_bool); - SUITE_ADD_TEST (suite, test_find_ulong); - SUITE_ADD_TEST (suite, test_find_value); - SUITE_ADD_TEST (suite, test_find_valid); - SUITE_ADD_TEST (suite, test_remove); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_equal, "/attrs/equal"); + p11_test (test_hash, "/attrs/hash"); + p11_test (test_to_string, "/attrs/to-string"); + + p11_test (test_terminator, "/attrs/terminator"); + p11_test (test_count, "/attrs/count"); + p11_test (test_build_one, "/attrs/build-one"); + p11_test (test_build_two, "/attrs/build-two"); + p11_test (test_build_invalid, "/attrs/build-invalid"); + p11_test (test_buildn_one, "/attrs/buildn-one"); + p11_test (test_buildn_two, "/attrs/buildn-two"); + p11_test (test_build_add, "/attrs/build-add"); + p11_test (test_build_null, "/attrs/build-null"); + p11_test (test_dup, "/attrs/dup"); + p11_test (test_take, "/attrs/take"); + p11_test (test_merge_replace, "/attrs/merge-replace"); + p11_test (test_merge_augment, "/attrs/merge-augment"); + p11_test (test_merge_empty, "/attrs/merge-empty"); + p11_test (test_free_null, "/attrs/free-null"); + p11_test (test_match, "/attrs/match"); + p11_test (test_matchn, "/attrs/matchn"); + p11_test (test_find, "/attrs/find"); + p11_test (test_findn, "/attrs/findn"); + p11_test (test_find_bool, "/attrs/find-bool"); + p11_test (test_find_ulong, "/attrs/find-ulong"); + p11_test (test_find_value, "/attrs/find-value"); + p11_test (test_find_valid, "/attrs/find-valid"); + p11_test (test_remove, "/attrs/remove"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-base64.c b/common/tests/test-base64.c index 90c1f49..ce303e8 100644 --- a/common/tests/test-base64.c +++ b/common/tests/test-base64.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include "base64.h" #include "debug.h" @@ -45,9 +45,9 @@ #include static void -check_decode_msg (CuTest *tc, - const char *file, +check_decode_msg (const char *file, int line, + const char *function, const char *input, ssize_t input_len, const unsigned char *expected, @@ -63,33 +63,38 @@ check_decode_msg (CuTest *tc, length = p11_b64_pton (input, input_len, decoded, sizeof (decoded)); if (expected == NULL) { - CuAssert_Line (tc, file, line, "decoding should have failed", length < 0); + if (length >= 0) + p11_test_fail (file, line, function, "decoding should have failed"); } else { - CuAssert_Line (tc, file, line, "decoding failed", length >= 0); - CuAssertIntEquals_LineMsg (tc, file, line, "wrong length", expected_len, length); - CuAssert_Line (tc, file, line, "decoded wrong", memcmp (decoded, expected, length) == 0); + if (length < 0) + p11_test_fail (file, line, function, "decoding failed"); + if (expected_len != length) + p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", + (unsigned long)expected_len, (unsigned long)length); + if (memcmp (decoded, expected, length) != 0) + p11_test_fail (file, line, function, "decoded wrong"); } } -#define check_decode_success(tc, input, input_len, expected, expected_len) \ - check_decode_msg (tc, __FILE__, __LINE__, input, input_len, expected, expected_len) +#define check_decode_success(input, input_len, expected, expected_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) -#define check_decode_failure(tc, input, input_len) \ - check_decode_msg (tc, __FILE__, __LINE__, input, input_len, NULL, 0) +#define check_decode_failure(input, input_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) static void -test_decode_simple (CuTest *tc) +test_decode_simple (void) { - check_decode_success (tc, "", 0, (unsigned char *)"", 0); - check_decode_success (tc, "MQ==", 0, (unsigned char *)"1", 0); - check_decode_success (tc, "YmxhaAo=", -1, (unsigned char *)"blah\n", -1); - check_decode_success (tc, "bGVlbGEK", -1, (unsigned char *)"leela\n", -1); - check_decode_success (tc, "bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); + check_decode_success ("", 0, (unsigned char *)"", 0); + check_decode_success ("MQ==", 0, (unsigned char *)"1", 0); + check_decode_success ("YmxhaAo=", -1, (unsigned char *)"blah\n", -1); + check_decode_success ("bGVlbGEK", -1, (unsigned char *)"leela\n", -1); + check_decode_success ("bGVlbG9vCg==", -1, (unsigned char *)"leeloo\n", -1); } static void -test_decode_thawte (CuTest *tc) +test_decode_thawte (void) { const char *input = "MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB" @@ -186,28 +191,14 @@ test_decode_thawte (CuTest *tc) 0x31, 0xd4, 0x40, 0x1a, 0x62, 0x34, 0x36, 0x3f, 0x35, 0x01, 0xae, 0xac, 0x63, 0xa0, }; - check_decode_success (tc, input, -1, output, sizeof (output)); + check_decode_success (input, -1, output, sizeof (output)); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_decode_simple); - SUITE_ADD_TEST (suite, test_decode_thawte); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - return ret; + p11_test (test_decode_simple, "/base64/decode-simple"); + p11_test (test_decode_thawte, "/base64/decode-thawte"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-buffer.c b/common/tests/test-buffer.c index baf7b73..4fd060d 100644 --- a/common/tests/test-buffer.c +++ b/common/tests/test-buffer.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -43,41 +43,41 @@ #include "buffer.h" static void -test_init_uninit (CuTest *tc) +test_init_uninit (void) { p11_buffer buffer; p11_buffer_init (&buffer, 10); - CuAssertPtrNotNull (tc, buffer.data); - CuAssertIntEquals (tc, 0, buffer.len); - CuAssertIntEquals (tc, 0, buffer.flags); - CuAssertTrue (tc, buffer.size >= 10); - CuAssertPtrNotNull (tc, buffer.ffree); - CuAssertPtrNotNull (tc, buffer.frealloc); + assert_ptr_not_null (buffer.data); + assert_num_eq (0, buffer.len); + assert_num_eq (0, buffer.flags); + assert (buffer.size >= 10); + assert_ptr_not_null (buffer.ffree); + assert_ptr_not_null (buffer.frealloc); p11_buffer_uninit (&buffer); } static void -test_append (CuTest *tc) +test_append (void) { p11_buffer buffer; p11_buffer_init (&buffer, 10); buffer.len = 5; p11_buffer_append (&buffer, 35); - CuAssertIntEquals (tc, 5 + 35, buffer.len); - CuAssertTrue (tc, buffer.size >= 35 + 5); + assert_num_eq (5 + 35, buffer.len); + assert (buffer.size >= 35 + 5); p11_buffer_append (&buffer, 15); - CuAssertIntEquals (tc, 5 + 35 + 15, buffer.len); - CuAssertTrue (tc, buffer.size >= 5 + 35 + 15); + assert_num_eq (5 + 35 + 15, buffer.len); + assert (buffer.size >= 5 + 35 + 15); p11_buffer_uninit (&buffer); } static void -test_null (CuTest *tc) +test_null (void) { p11_buffer buffer; @@ -85,7 +85,7 @@ test_null (CuTest *tc) p11_buffer_add (&buffer, "Blah", -1); p11_buffer_add (&buffer, " blah", -1); - CuAssertStrEquals (tc, "Blah blah", buffer.data); + assert_str_eq ("Blah blah", buffer.data); p11_buffer_uninit (&buffer); } @@ -109,7 +109,7 @@ mock_free (void *data) } static void -test_init_for_data (CuTest *tc) +test_init_for_data (void) { p11_buffer buffer; unsigned char *ret; @@ -121,29 +121,29 @@ test_init_for_data (CuTest *tc) p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, 0, mock_realloc, mock_free); - CuAssertPtrNotNull (tc, buffer.data); - CuAssertStrEquals (tc, "blah", (char *)buffer.data); - CuAssertIntEquals (tc, 4, buffer.len); - CuAssertIntEquals (tc, 0, buffer.flags); - CuAssertIntEquals (tc, 4, buffer.size); - CuAssertPtrEquals (tc, mock_free, buffer.ffree); - CuAssertPtrEquals (tc, mock_realloc, buffer.frealloc); + assert_ptr_not_null (buffer.data); + assert_str_eq ("blah", (char *)buffer.data); + assert_num_eq (4, buffer.len); + assert_num_eq (0, buffer.flags); + assert_num_eq (4, buffer.size); + assert_ptr_eq (mock_free, buffer.ffree); + assert_ptr_eq (mock_realloc, buffer.frealloc); - CuAssertIntEquals (tc, 0, mock_realloced); - CuAssertIntEquals (tc, 0, mock_freed); + assert_num_eq (0, mock_realloced); + assert_num_eq (0, mock_freed); len = buffer.len; ret = p11_buffer_append (&buffer, 1024); - CuAssertPtrEquals (tc, (char *)buffer.data + len, ret); - CuAssertIntEquals (tc, 1, mock_realloced); + assert_ptr_eq ((char *)buffer.data + len, ret); + assert_num_eq (1, mock_realloced); p11_buffer_uninit (&buffer); - CuAssertIntEquals (tc, 1, mock_realloced); - CuAssertIntEquals (tc, 1, mock_freed); + assert_num_eq (1, mock_realloced); + assert_num_eq (1, mock_freed); } static void -test_steal (CuTest *tc) +test_steal (void) { p11_buffer buffer; char *string; @@ -154,61 +154,46 @@ test_steal (CuTest *tc) p11_buffer_init_full (&buffer, (unsigned char *)strdup ("blah"), 4, P11_BUFFER_NULL, mock_realloc, mock_free); - CuAssertPtrNotNull (tc, buffer.data); - CuAssertStrEquals (tc, "blah", buffer.data); + assert_ptr_not_null (buffer.data); + assert_str_eq ("blah", buffer.data); p11_buffer_add (&buffer, " yada", -1); - CuAssertStrEquals (tc, "blah yada", buffer.data); + assert_str_eq ("blah yada", buffer.data); string = p11_buffer_steal (&buffer, &length); p11_buffer_uninit (&buffer); - CuAssertStrEquals (tc, "blah yada", string); - CuAssertIntEquals (tc, 9, length); - CuAssertIntEquals (tc, 0, mock_freed); + assert_str_eq ("blah yada", string); + assert_num_eq (9, length); + assert_num_eq (0, mock_freed); free (string); } static void -test_add (CuTest *tc) +test_add (void) { p11_buffer buffer; p11_buffer_init (&buffer, 10); p11_buffer_add (&buffer, (unsigned char *)"Planet Express", 15); - CuAssertIntEquals (tc, 15, buffer.len); - CuAssertStrEquals (tc, "Planet Express", (char *)buffer.data); - CuAssertTrue (tc, p11_buffer_ok (&buffer)); + assert_num_eq (15, buffer.len); + assert_str_eq ("Planet Express", (char *)buffer.data); + assert (p11_buffer_ok (&buffer)); p11_buffer_uninit (&buffer); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_init_uninit); - SUITE_ADD_TEST (suite, test_init_for_data); - SUITE_ADD_TEST (suite, test_append); - SUITE_ADD_TEST (suite, test_null); - SUITE_ADD_TEST (suite, test_add); - SUITE_ADD_TEST (suite, test_steal); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_init_uninit, "/buffer/init-uninit"); + p11_test (test_init_for_data, "/buffer/init-for-data"); + p11_test (test_append, "/buffer/append"); + p11_test (test_null, "/buffer/null"); + p11_test (test_add, "/buffer/add"); + p11_test (test_steal, "/buffer/steal"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-compat.c b/common/tests/test-compat.c index 066e723..f1960ce 100644 --- a/common/tests/test-compat.c +++ b/common/tests/test-compat.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -42,36 +42,24 @@ #include "compat.h" static void -test_strndup (CuTest *tc) +test_strndup (void) { char unterminated[] = { 't', 'e', 's', 't', 'e', 'r', 'o', 'n', 'i', 'o' }; char *res; res = strndup (unterminated, 6); - CuAssertStrEquals (tc, res, "tester"); + assert_str_eq (res, "tester"); free (res); res = strndup ("test", 6); - CuAssertStrEquals (tc, res, "test"); + assert_str_eq (res, "test"); free (res); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_strndup); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_strndup, "/test/strndup"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-constants.c b/common/tests/test-constants.c index 4cd4472..76c44d2 100644 --- a/common/tests/test-constants.c +++ b/common/tests/test-constants.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -44,7 +44,7 @@ #include "debug.h" static void -test_constants (CuTest *tc) +test_constants (void) { const p11_constant *constant; p11_dict *nicks, *names; @@ -59,6 +59,10 @@ test_constants (CuTest *tc) p11_constant_keys, p11_constant_asserts, p11_constant_categories, + p11_constant_mechanisms, + p11_constant_users, + p11_constant_states, + p11_constant_returns, NULL }; @@ -68,25 +72,27 @@ test_constants (CuTest *tc) for (j = 0; constants[j] != NULL; j++) { constant = constants[j]; for (i = 1; constant[i].value != CKA_INVALID; i++) { - if (constant[i].value < constant[i - 1].value) { - CuFail_Line (tc, __FILE__, __LINE__, - "attr constant out of order", constant[i].name); - } + if (constant[i].value < constant[i - 1].value) + assert_fail ("attr constant out of order", constant[i].name); } for (i = 0; constant[i].value != CKA_INVALID; i++) { - CuAssertPtrNotNull (tc, constant[i].nick); - CuAssertPtrNotNull (tc, constant[i].name); + assert_ptr_not_null (constant[i].name); + + if (constant[i].nick) { + assert_str_eq (constant[i].nick, + p11_constant_nick (constant, constant[i].value)); + } - CuAssertStrEquals (tc, constant[i].nick, - p11_constant_nick (constant, constant[i].value)); - CuAssertStrEquals (tc, constant[i].name, - p11_constant_name (constant, constant[i].value)); + assert_str_eq (constant[i].name, + p11_constant_name (constant, constant[i].value)); - check = p11_constant_resolve (nicks, constant[i].nick); - CuAssertIntEquals (tc, constant[i].value, check); + if (constant[i].nick) { + check = p11_constant_resolve (nicks, constant[i].nick); + assert_num_eq (constant[i].value, check); + } check = p11_constant_resolve (names, constant[i].name); - CuAssertIntEquals (tc, constant[i].value, check); + assert_num_eq (constant[i].value, check); } } @@ -95,23 +101,10 @@ test_constants (CuTest *tc) } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - SUITE_ADD_TEST (suite, test_constants); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); + p11_test (test_constants, "/constants/all"); - return ret; + return p11_test_run (argc, argv); } diff --git a/common/tests/test-dict.c b/common/tests/test-dict.c index fc40b07..7c6f851 100644 --- a/common/tests/test-dict.c +++ b/common/tests/test-dict.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -43,17 +43,17 @@ #include "dict.h" static void -test_create (CuTest *tc) +test_create (void) { p11_dict *map; map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); p11_dict_free (map); } static void -test_free_null (CuTest *tc) +test_free_null (void) { p11_dict_free (NULL); } @@ -98,24 +98,24 @@ value_destroy (void *data) } static void -test_free_destroys (CuTest *tc) +test_free_destroys (void) { p11_dict *map; Key key = { 8, 0 }; int value = 0; map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); if (!p11_dict_set (map, &key, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); p11_dict_free (map); - CuAssertIntEquals (tc, true, key.freed); - CuAssertIntEquals (tc, 2, value); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); } static void -test_iterate (CuTest *tc) +test_iterate (void) { p11_dict *map; p11_dictiter iter; @@ -126,19 +126,19 @@ test_iterate (CuTest *tc) int ret; map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); if (!p11_dict_set (map, &key, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); p11_dict_iterate (map, &iter); ret = p11_dict_next (&iter, &pkey, &pvalue); - CuAssertIntEquals (tc, 1, ret); - CuAssertPtrEquals (tc, pkey, &key); - CuAssertPtrEquals (tc, pvalue, &value); + assert_num_eq (1, ret); + assert_ptr_eq (pkey, &key); + assert_ptr_eq (pvalue, &value); ret = p11_dict_next (&iter, &pkey, &pvalue); - CuAssertIntEquals (tc, 0, ret); + assert_num_eq (0, ret); p11_dict_free (map); } @@ -153,7 +153,7 @@ compar_strings (const void *one, } static void -test_iterate_remove (CuTest *tc) +test_iterate_remove (void) { p11_dict *map; p11_dictiter iter; @@ -165,45 +165,45 @@ test_iterate_remove (CuTest *tc) int i; map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); for (i = 0; i < 3; i++) { if (!p11_dict_set (map, keys[i], values[i])) - CuFail (tc, "should not be reached"); + assert_not_reached (); } p11_dict_iterate (map, &iter); ret = p11_dict_next (&iter, &okeys[0], &ovalues[0]); - CuAssertIntEquals (tc, true, ret); + assert_num_eq (true, ret); ret = p11_dict_next (&iter, &okeys[1], &ovalues[1]); - CuAssertIntEquals (tc, true, ret); + assert_num_eq (true, ret); if (!p11_dict_remove (map, okeys[1])) - CuFail (tc, "should not be reached"); + assert_not_reached (); ret = p11_dict_next (&iter, &okeys[2], &ovalues[2]); - CuAssertIntEquals (tc, true, ret); + assert_num_eq (true, ret); ret = p11_dict_next (&iter, NULL, NULL); - CuAssertIntEquals (tc, false, ret); + assert_num_eq (false, ret); - CuAssertIntEquals (tc, 2, p11_dict_size (map)); + assert_num_eq (2, p11_dict_size (map)); p11_dict_free (map); qsort (okeys, 3, sizeof (void *), compar_strings); qsort (ovalues, 3, sizeof (void *), compar_strings); for (i = 0; i < 3; i++) { - CuAssertStrEquals (tc, keys[i], okeys[i]); - CuAssertPtrEquals (tc, keys[i], okeys[i]); - CuAssertStrEquals (tc, values[i], ovalues[i]); - CuAssertPtrEquals (tc, values[i], ovalues[i]); + assert_str_eq (keys[i], okeys[i]); + assert_ptr_eq (keys[i], okeys[i]); + assert_str_eq (values[i], ovalues[i]); + assert_ptr_eq (values[i], ovalues[i]); } } static void -test_set_get (CuTest *tc) +test_set_get (void) { char *key = "KEY"; char *value = "VALUE"; @@ -213,13 +213,13 @@ test_set_get (CuTest *tc) map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); p11_dict_set (map, key, value); check = p11_dict_get (map, key); - CuAssertPtrEquals (tc, check, value); + assert_ptr_eq (check, value); p11_dict_free (map); } static void -test_set_get_remove (CuTest *tc) +test_set_get_remove (void) { char *key = "KEY"; char *value = "VALUE"; @@ -230,24 +230,24 @@ test_set_get_remove (CuTest *tc) map = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL); if (!p11_dict_set (map, key, value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); check = p11_dict_get (map, key); - CuAssertPtrEquals (tc, check, value); + assert_ptr_eq (check, value); ret = p11_dict_remove (map, key); - CuAssertIntEquals (tc, true, ret); + assert_num_eq (true, ret); ret = p11_dict_remove (map, key); - CuAssertIntEquals (tc, false, ret); + assert_num_eq (false, ret); check = p11_dict_get (map, key); - CuAssert (tc, "should be null", check == NULL); + assert (check == NULL); p11_dict_free (map); } static void -test_set_clear (CuTest *tc) +test_set_clear (void) { char *key = "KEY"; char *value = "VALUE"; @@ -257,18 +257,18 @@ test_set_clear (CuTest *tc) map = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL); if (!p11_dict_set (map, key, value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); p11_dict_clear (map); check = p11_dict_get (map, key); - CuAssert (tc, "should be null", check == NULL); + assert (check == NULL); p11_dict_free (map); } static void -test_remove_destroys (CuTest *tc) +test_remove_destroys (void) { p11_dict *map; Key key = { 8, 0 }; @@ -276,23 +276,23 @@ test_remove_destroys (CuTest *tc) bool ret; map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); if (!p11_dict_set (map, &key, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); ret = p11_dict_remove (map, &key); - CuAssertIntEquals (tc, true, ret); - CuAssertIntEquals (tc, true, key.freed); - CuAssertIntEquals (tc, 2, value); + assert_num_eq (true, ret); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); /* should not be destroyed again */ key.freed = false; value = 0; ret = p11_dict_remove (map, &key); - CuAssertIntEquals (tc, false, ret); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, 0, value); + assert_num_eq (false, ret); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); /* should not be destroyed again */ key.freed = false; @@ -300,12 +300,12 @@ test_remove_destroys (CuTest *tc) p11_dict_free (map); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, 0, value); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); } static void -test_set_destroys (CuTest *tc) +test_set_destroys (void) { p11_dict *map; Key key = { 8, 0 }; @@ -314,88 +314,88 @@ test_set_destroys (CuTest *tc) bool ret; map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); if (!p11_dict_set (map, &key, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); key.freed = key2.freed = false; value = value2 = 0; /* Setting same key and value, should not be destroyed */ ret = p11_dict_set (map, &key, &value); - CuAssertIntEquals (tc, true, ret); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, false, key2.freed); - CuAssertIntEquals (tc, 0, value); - CuAssertIntEquals (tc, 0, value2); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value); + assert_num_eq (0, value2); key.freed = key2.freed = false; value = value2 = 0; /* Setting a new key same value, key should be destroyed */ ret = p11_dict_set (map, &key2, &value); - CuAssertIntEquals (tc, true, ret); - CuAssertIntEquals (tc, true, key.freed); - CuAssertIntEquals (tc, false, key2.freed); - CuAssertIntEquals (tc, 0, value); - CuAssertIntEquals (tc, 0, value2); + assert_num_eq (true, ret); + assert_num_eq (true, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value); + assert_num_eq (0, value2); key.freed = key2.freed = false; value = value2 = 0; /* Setting same key, new value, value should be destroyed */ ret = p11_dict_set (map, &key2, &value2); - CuAssertIntEquals (tc, true, ret); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, false, key2.freed); - CuAssertIntEquals (tc, 2, value); - CuAssertIntEquals (tc, 0, value2); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (false, key2.freed); + assert_num_eq (2, value); + assert_num_eq (0, value2); key.freed = key2.freed = false; value = value2 = 0; /* Setting new key new value, both should be destroyed */ ret = p11_dict_set (map, &key, &value); - CuAssertIntEquals (tc, true, ret); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, true, key2.freed); - CuAssertIntEquals (tc, 0, value); - CuAssertIntEquals (tc, 2, value2); + assert_num_eq (true, ret); + assert_num_eq (false, key.freed); + assert_num_eq (true, key2.freed); + assert_num_eq (0, value); + assert_num_eq (2, value2); key.freed = key2.freed = false; value = value2 = 0; p11_dict_free (map); - CuAssertIntEquals (tc, true, key.freed); - CuAssertIntEquals (tc, 2, value); - CuAssertIntEquals (tc, false, key2.freed); - CuAssertIntEquals (tc, 0, value2); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); + assert_num_eq (false, key2.freed); + assert_num_eq (0, value2); } static void -test_clear_destroys (CuTest *tc) +test_clear_destroys (void) { p11_dict *map; Key key = { 18, 0 }; int value = 0; map = p11_dict_new (key_hash, key_equal, key_destroy, value_destroy); - CuAssertPtrNotNull (tc, map); + assert_ptr_not_null (map); if (!p11_dict_set (map, &key, &value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); p11_dict_clear (map); - CuAssertIntEquals (tc, true, key.freed); - CuAssertIntEquals (tc, 2, value); + assert_num_eq (true, key.freed); + assert_num_eq (2, value); /* should not be destroyed again */ key.freed = false; value = 0; p11_dict_clear (map); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, 0, value); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); /* should not be destroyed again */ key.freed = false; @@ -403,8 +403,8 @@ test_clear_destroys (CuTest *tc) p11_dict_free (map); - CuAssertIntEquals (tc, false, key.freed); - CuAssertIntEquals (tc, 0, value); + assert_num_eq (false, key.freed); + assert_num_eq (0, value); } static unsigned int @@ -415,7 +415,7 @@ test_hash_intptr_with_collisions (const void *data) } static void -test_hash_add_check_lots_and_collisions (CuTest *tc) +test_hash_add_check_lots_and_collisions (void) { p11_dict *map; int *value; @@ -428,20 +428,20 @@ test_hash_add_check_lots_and_collisions (CuTest *tc) value = malloc (sizeof (int)); *value = i; if (!p11_dict_set (map, value, value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); } for (i = 0; i < 20000; ++i) { value = p11_dict_get (map, &i); - CuAssertPtrNotNull (tc, value); - CuAssertIntEquals (tc, i, *value); + assert_ptr_not_null (value); + assert_num_eq (i, *value); } p11_dict_free (map); } static void -test_hash_count (CuTest *tc) +test_hash_count (void) { p11_dict *map; int *value; @@ -450,30 +450,30 @@ test_hash_count (CuTest *tc) map = p11_dict_new (p11_dict_intptr_hash, p11_dict_intptr_equal, NULL, free); - CuAssertIntEquals (tc, 0, p11_dict_size (map)); + assert_num_eq (0, p11_dict_size (map)); for (i = 0; i < 20000; ++i) { value = malloc (sizeof (int)); *value = i; if (!p11_dict_set (map, value, value)) - CuFail (tc, "should not be reached"); - CuAssertIntEquals (tc, i + 1, p11_dict_size (map)); + assert_not_reached (); + assert_num_eq (i + 1, p11_dict_size (map)); } for (i = 0; i < 20000; ++i) { ret = p11_dict_remove (map, &i); - CuAssertIntEquals (tc, true, ret); - CuAssertIntEquals (tc, 20000 - (i + 1), p11_dict_size (map)); + assert_num_eq (true, ret); + assert_num_eq (20000 - (i + 1), p11_dict_size (map)); } p11_dict_clear (map); - CuAssertIntEquals (tc, 0, p11_dict_size (map)); + assert_num_eq (0, p11_dict_size (map)); p11_dict_free (map); } static void -test_hash_ulongptr (CuTest *tc) +test_hash_ulongptr (void) { p11_dict *map; unsigned long *value; @@ -485,47 +485,35 @@ test_hash_ulongptr (CuTest *tc) value = malloc (sizeof (unsigned long)); *value = i; if (!p11_dict_set (map, value, value)) - CuFail (tc, "should not be reached"); + assert_not_reached (); } for (i = 0; i < 20000; ++i) { value = p11_dict_get (map, &i); - CuAssertPtrNotNull (tc, value); - CuAssertIntEquals (tc, i, *value); + assert_ptr_not_null (value); + assert_num_eq (i, *value); } p11_dict_free (map); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_create); - SUITE_ADD_TEST (suite, test_set_get); - SUITE_ADD_TEST (suite, test_set_get_remove); - SUITE_ADD_TEST (suite, test_remove_destroys); - SUITE_ADD_TEST (suite, test_set_clear); - SUITE_ADD_TEST (suite, test_set_destroys); - SUITE_ADD_TEST (suite, test_clear_destroys); - SUITE_ADD_TEST (suite, test_free_null); - SUITE_ADD_TEST (suite, test_free_destroys); - SUITE_ADD_TEST (suite, test_iterate); - SUITE_ADD_TEST (suite, test_iterate_remove); - SUITE_ADD_TEST (suite, test_hash_add_check_lots_and_collisions); - SUITE_ADD_TEST (suite, test_hash_count); - SUITE_ADD_TEST (suite, test_hash_ulongptr); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_create, "/dict/create"); + p11_test (test_set_get, "/dict/set-get"); + p11_test (test_set_get_remove, "/dict/set-get-remove"); + p11_test (test_remove_destroys, "/dict/remove-destroys"); + p11_test (test_set_clear, "/dict/set-clear"); + p11_test (test_set_destroys, "/dict/set-destroys"); + p11_test (test_clear_destroys, "/dict/clear-destroys"); + p11_test (test_free_null, "/dict/free-null"); + p11_test (test_free_destroys, "/dict/free-destroys"); + p11_test (test_iterate, "/dict/iterate"); + p11_test (test_iterate_remove, "/dict/iterate-remove"); + p11_test (test_hash_add_check_lots_and_collisions, "/dict/add-check-lots-and-collisions"); + p11_test (test_hash_count, "/dict/count"); + p11_test (test_hash_ulongptr, "/dict/ulongptr"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-hash.c b/common/tests/test-hash.c index eecf09b..c679cad 100644 --- a/common/tests/test-hash.c +++ b/common/tests/test-hash.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -56,7 +56,7 @@ const char *sha1_checksum[] = { }; static void -test_sha1 (CuTest *cu) +test_sha1 (void) { unsigned char checksum[P11_HASH_SHA1_LEN]; size_t len; @@ -67,28 +67,28 @@ test_sha1 (CuTest *cu) len = strlen (sha1_input[i]); p11_hash_sha1 (checksum, sha1_input[i], len, NULL); - CuAssertTrue (cu, memcmp (sha1_checksum[i], checksum, P11_HASH_SHA1_LEN) == 0); + assert (memcmp (sha1_checksum[i], checksum, P11_HASH_SHA1_LEN) == 0); if (len > 6) { p11_hash_sha1 (checksum, sha1_input[i], 6, sha1_input[i] + 6, len - 6, NULL); - CuAssertTrue (cu, memcmp (sha1_checksum[i], checksum, P11_HASH_SHA1_LEN) == 0); + assert (memcmp (sha1_checksum[i], checksum, P11_HASH_SHA1_LEN) == 0); } } } static void -test_sha1_long (CuTest *cu) +test_sha1_long (void) { unsigned char checksum[P11_HASH_SHA1_LEN]; char *expected = "\x34\xAA\x97\x3C\xD4\xC4\xDA\xA4\xF6\x1E\xEB\x2B\xDB\xAD\x27\x31\x65\x34\x01\x6F"; char *input; input = malloc (1000000); - CuAssertTrue (cu, input != NULL); + assert (input != NULL); memset (input, 'a', 1000000); p11_hash_sha1 (checksum, input, 1000000, NULL); - CuAssertTrue (cu, memcmp (expected, checksum, P11_HASH_SHA1_LEN) == 0); + assert (memcmp (expected, checksum, P11_HASH_SHA1_LEN) == 0); free (input); } @@ -112,7 +112,7 @@ const char *md5_checksum[] = { }; static void -test_md5 (CuTest *cu) +test_md5 (void) { unsigned char checksum[P11_HASH_MD5_LEN]; size_t len; @@ -123,17 +123,17 @@ test_md5 (CuTest *cu) len = strlen (md5_input[i]); p11_hash_md5 (checksum, md5_input[i], len, NULL); - CuAssertTrue (cu, memcmp (md5_checksum[i], checksum, P11_HASH_MD5_LEN) == 0); + assert (memcmp (md5_checksum[i], checksum, P11_HASH_MD5_LEN) == 0); if (len > 5) { p11_hash_md5 (checksum, md5_input[i], 5, md5_input[i] + 5, len - 5, NULL); - CuAssertTrue (cu, memcmp (md5_checksum[i], checksum, P11_HASH_MD5_LEN) == 0); + assert (memcmp (md5_checksum[i], checksum, P11_HASH_MD5_LEN) == 0); } } } static void -test_murmur2 (CuTest *cu) +test_murmur3 (void) { uint32_t one, two, four, seven, eleven, split; @@ -146,23 +146,23 @@ test_murmur2 (CuTest *cu) p11_hash_murmur3 ((unsigned char *)&eleven, "eleven", 6, NULL); p11_hash_murmur3 ((unsigned char *)&split, "ele", 3, "ven", 3, NULL); - CuAssertTrue (cu, one != two); - CuAssertTrue (cu, one != four); - CuAssertTrue (cu, one != seven); - CuAssertTrue (cu, one != eleven); + assert (one != two); + assert (one != four); + assert (one != seven); + assert (one != eleven); - CuAssertTrue (cu, two != four); - CuAssertTrue (cu, two != seven); - CuAssertTrue (cu, two != eleven); + assert (two != four); + assert (two != seven); + assert (two != eleven); - CuAssertTrue (cu, four != seven); - CuAssertTrue (cu, four != eleven); + assert (four != seven); + assert (four != eleven); - CuAssertTrue (cu, split == eleven); + assert (split == eleven); } static void -test_murmur2_incr (CuTest *cu) +test_murmur3_incr (void) { uint32_t first, second; @@ -182,29 +182,17 @@ test_murmur2_incr (CuTest *cu) "!", (size_t)1, NULL); - CuAssertIntEquals (cu, first, second); + assert_num_eq (first, second); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_sha1); - SUITE_ADD_TEST (suite, test_sha1_long); - SUITE_ADD_TEST (suite, test_md5); - SUITE_ADD_TEST (suite, test_murmur2); - SUITE_ADD_TEST (suite, test_murmur2_incr); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_sha1, "/hash/sha1"); + p11_test (test_sha1_long, "/hash/sha1-long"); + p11_test (test_md5, "/hash/md5"); + p11_test (test_murmur3, "/hash/murmur3"); + p11_test (test_murmur3_incr, "/hash/murmur3-incr"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-lexer.c b/common/tests/test-lexer.c index 58d5d65..ff18a89 100644 --- a/common/tests/test-lexer.c +++ b/common/tests/test-lexer.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -62,9 +62,9 @@ on_pem_get_type (const char *type, } static void -check_lex_msg (CuTest *tc, - const char *file, +check_lex_msg (const char *file, int line, + const char *function, const expected_tok *expected, const char *input, bool failure) @@ -77,60 +77,63 @@ check_lex_msg (CuTest *tc, p11_lexer_init (&lexer, "test", input, strlen (input)); for (i = 0; p11_lexer_next (&lexer, &failed); i++) { - CuAssertIntEquals_LineMsg (tc, file, line, - "lexer token type does not match", - expected[i].tok_type, lexer.tok_type); + if (expected[i].tok_type != lexer.tok_type) + p11_test_fail (file, line, function, + "lexer token type does not match: (%d != %d)", + expected[i].tok_type, lexer.tok_type); switch (lexer.tok_type) { case TOK_FIELD: - CuAssertStrEquals_LineMsg (tc, file, line, - "field name doesn't match", - expected[i].name, lexer.tok.field.name); - CuAssertStrEquals_LineMsg (tc, file, line, - "field value doesn't match", - expected[i].value, lexer.tok.field.value); + if (strcmp (expected[i].name, lexer.tok.field.name) != 0) + p11_test_fail (file, line, function, + "field name doesn't match: (%s != %s)", + expected[i].name, lexer.tok.field.name); + if (strcmp (expected[i].value, lexer.tok.field.value) != 0) + p11_test_fail (file, line, function, + "field value doesn't match: (%s != %s)", + expected[i].value, lexer.tok.field.value); break; case TOK_SECTION: - CuAssertStrEquals_LineMsg (tc, file, line, - "section name doesn't match", - expected[i].name, lexer.tok.field.name); + if (strcmp (expected[i].name, lexer.tok.field.name) != 0) + p11_test_fail (file, line, function, + "section name doesn't match: (%s != %s)", + expected[i].name, lexer.tok.field.name); break; case TOK_PEM: type = NULL; count = p11_pem_parse (lexer.tok.pem.begin, lexer.tok.pem.length, on_pem_get_type, &type); - CuAssertIntEquals_LineMsg (tc, file, line, - "wrong number of PEM blocks", - 1, count); - CuAssertStrEquals_LineMsg (tc, file, line, - "wrong type of PEM block", - expected[i].name, type); + if (count != 1) + p11_test_fail (file, line, function, "more than one PEM block: %d", count); + if (strcmp (expected[i].name, type) != 0) + p11_test_fail (file, line, function, + "wrong type of PEM block: (%s != %s)", + expected[i].name, type); free (type); break; case TOK_EOF: - CuFail_Line (tc, file, line, NULL, "eof should not be recieved"); + p11_test_fail (file, line, function, "eof should not be recieved"); break; } } - if (failure) - CuAssert_Line (tc, file, line, "lexing didn't fail", failed); - else - CuAssert_Line (tc, file, line, "lexing failed", !failed); - CuAssertIntEquals_LineMsg (tc, file, line, - "premature end of lexing", - TOK_EOF, expected[i].tok_type); + if (failure && !failed) + p11_test_fail (file, line, function, "lexing didn't fail"); + else if (!failure && failed) + p11_test_fail (file, line, function, "lexing failed"); + if (TOK_EOF != expected[i].tok_type) + p11_test_fail (file, line, function, "premature end of lexing"); p11_lexer_done (&lexer); } -#define check_lex_success(tc, expected, input) \ - check_lex_msg (tc, __FILE__, __LINE__, expected, input, false) +#define check_lex_success(expected, input) \ + check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, false) -#define check_lex_failure(tc, expected, input) \ - check_lex_msg (tc, __FILE__, __LINE__, expected, input, true) +#define check_lex_failure(expected, input) \ + check_lex_msg (__FILE__, __LINE__, __FUNCTION__, expected, input, true) static void -test_basic (CuTest *tc) +test_basic (void) { const char *input = "[the header]\n" "field: value\n" @@ -145,11 +148,11 @@ test_basic (CuTest *tc) { TOK_EOF } }; - check_lex_success (tc, expected, input); + check_lex_success (expected, input); } static void -test_corners (CuTest *tc) +test_corners (void) { const char *input = "\r\n" /* blankline */ " [the header]\r\n" /* bad line endings */ @@ -175,11 +178,11 @@ test_corners (CuTest *tc) { TOK_EOF } }; - check_lex_success (tc, expected, input); + check_lex_success (expected, input); } static void -test_following (CuTest *tc) +test_following (void) { const char *input = "-----BEGIN BLOCK1-----\n" "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n" @@ -192,11 +195,11 @@ test_following (CuTest *tc) { TOK_EOF } }; - check_lex_success (tc, expected, input); + check_lex_success (expected, input); } static void -test_bad_pem (CuTest *tc) +test_bad_pem (void) { const char *input = "field: value\n" "-----BEGIN BLOCK1-----\n" @@ -209,13 +212,13 @@ test_bad_pem (CuTest *tc) p11_message_quiet (); - check_lex_failure (tc, expected, input); + check_lex_failure (expected, input); p11_message_loud (); } static void -test_bad_section (CuTest *tc) +test_bad_section (void) { const char *input = "field: value\n" "[section\n" @@ -228,13 +231,13 @@ test_bad_section (CuTest *tc) p11_message_quiet (); - check_lex_failure (tc, expected, input); + check_lex_failure (expected, input); p11_message_loud (); } static void -test_bad_value (CuTest *tc) +test_bad_value (void) { const char *input = "field_value\n" "[section\n" @@ -246,35 +249,20 @@ test_bad_value (CuTest *tc) p11_message_quiet (); - check_lex_failure (tc, expected, input); + check_lex_failure (expected, input); p11_message_loud (); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_basic); - SUITE_ADD_TEST (suite, test_corners); - SUITE_ADD_TEST (suite, test_following); - SUITE_ADD_TEST (suite, test_bad_pem); - SUITE_ADD_TEST (suite, test_bad_section); - SUITE_ADD_TEST (suite, test_bad_value); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_basic, "/lexer/basic"); + p11_test (test_corners, "/lexer/corners"); + p11_test (test_following, "/lexer/following"); + p11_test (test_bad_pem, "/lexer/bad-pem"); + p11_test (test_bad_section, "/lexer/bad-section"); + p11_test (test_bad_value, "/lexer/bad-value"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-oid.c b/common/tests/test-oid.c index 71b8278..05945d9 100644 --- a/common/tests/test-oid.c +++ b/common/tests/test-oid.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -47,7 +47,7 @@ #include "pkix.asn.h" static void -test_known_oids (CuTest *cu) +test_known_oids (void) { char buffer[128]; node_asn *definitions = NULL; @@ -79,29 +79,29 @@ test_known_oids (CuTest *cu) }; ret = asn1_array2tree (pkix_asn1_tab, &definitions, NULL); - CuAssertTrue (cu, ret == ASN1_SUCCESS); + assert (ret == ASN1_SUCCESS); for (i = 0; known_oids[i].oid != NULL; i++) { - CuAssertTrue (cu, p11_oid_simple (known_oids[i].oid, known_oids[i].length)); - CuAssertIntEquals (cu, known_oids[i].length, p11_oid_length (known_oids[i].oid)); - CuAssertTrue (cu, p11_oid_equal (known_oids[i].oid, known_oids[i].oid)); + assert (p11_oid_simple (known_oids[i].oid, known_oids[i].length)); + assert_num_eq (known_oids[i].length, p11_oid_length (known_oids[i].oid)); + assert (p11_oid_equal (known_oids[i].oid, known_oids[i].oid)); if (i > 0) - CuAssertTrue (cu, !p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid)); + assert (!p11_oid_equal (known_oids[i].oid, known_oids[i - 1].oid)); /* AttributeType is a OBJECT IDENTIFIER */ ret = asn1_create_element (definitions, "PKIX1.AttributeType", &node); - CuAssertTrue (cu, ret == ASN1_SUCCESS); + assert (ret == ASN1_SUCCESS); ret = asn1_der_decoding (&node, known_oids[i].oid, known_oids[i].length, NULL); - CuAssertTrue (cu, ret == ASN1_SUCCESS); + assert (ret == ASN1_SUCCESS); len = sizeof (buffer); ret = asn1_read_value (node, "", buffer, &len); - CuAssertTrue (cu, ret == ASN1_SUCCESS); + assert (ret == ASN1_SUCCESS); - CuAssertStrEquals (cu, known_oids[i].string, buffer); + assert_str_eq (known_oids[i].string, buffer); asn1_delete_structure (&node); } @@ -110,24 +110,9 @@ test_known_oids (CuTest *cu) } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_known_oids); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_known_oids, "/oids/known"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-path.c b/common/tests/test-path.c index 8263d1f..54d6f29 100644 --- a/common/tests/test-path.c +++ b/common/tests/test-path.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -43,7 +43,7 @@ #include "path.h" static void -test_base (CuTest *tc) +test_base (void) { struct { const char *in; @@ -70,27 +70,16 @@ test_base (CuTest *tc) for (i = 0; fixtures[i].in != NULL; i++) { out = p11_path_base (fixtures[i].in); - CuAssertStrEquals (tc, fixtures[i].out, out); + assert_str_eq (fixtures[i].out, out); free (out); } } -static void -check_equals_and_free_msg (CuTest *tc, - const char *file, - int line, - const char *ex, - char *ac) -{ - CuAssertStrEquals_LineMsg (tc, file, line, NULL, ex, ac); - free (ac); -} - #define check_equals_and_free(tc, ex, ac) \ - check_equals_and_free_msg ((tc), __FILE__, __LINE__, (ex), (ac)) + do { assert_str_eq (ex, ac); free (ac); } while (0) static void -test_build (CuTest *tc) +test_build (void) { #ifdef OS_UNIX check_equals_and_free (tc, "/root/second", @@ -118,7 +107,7 @@ test_build (CuTest *tc) } static void -test_expand (CuTest *tc) +test_expand (void) { char *path; @@ -151,52 +140,41 @@ test_expand (CuTest *tc) putenv("HOME="); path = p11_path_expand ("$HOME/this/is/my/path"); - CuAssertTrue (tc, strstr (path, "this/is/my/path") != NULL); + assert (strstr (path, "this/is/my/path") != NULL); free (path); putenv("HOME="); path = p11_path_expand ("~/this/is/my/path"); - CuAssertTrue (tc, strstr (path, "this/is/my/path") != NULL); + assert (strstr (path, "this/is/my/path") != NULL); free (path); putenv("TEMP="); path = p11_path_expand ("$TEMP/this/is/my/path"); - CuAssertTrue (tc, strstr (path, "this/is/my/path") != NULL); + assert (strstr (path, "this/is/my/path") != NULL); free (path); } static void -test_absolute (CuTest *tc) +test_absolute (void) { #ifdef OS_UNIX - CuAssertTrue (tc, p11_path_absolute ("/home")); - CuAssertTrue (tc, !p11_path_absolute ("home")); + assert (p11_path_absolute ("/home")); + assert (!p11_path_absolute ("home")); #else /* OS_WIN32 */ - CuAssertTrue (tc, p11_path_absolute ("C:\\home")); - CuAssertTrue (tc, !p11_path_absolute ("home")); - CuAssertTrue (tc, !p11_path_absolute ("/home")); + assert (p11_path_absolute ("C:\\home")); + assert (!p11_path_absolute ("home")); + assert (p11_path_absolute ("/home")); #endif } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_base); - SUITE_ADD_TEST (suite, test_build); - SUITE_ADD_TEST (suite, test_expand); - SUITE_ADD_TEST (suite, test_absolute); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_base, "/path/base"); + p11_test (test_build, "/path/build"); + p11_test (test_expand, "/path/expand"); + p11_test (test_absolute, "/path/absolute"); + + return p11_test_run (argc, argv); } diff --git a/common/tests/test-pem.c b/common/tests/test-pem.c index 54a59d6..7dd7fb2 100644 --- a/common/tests/test-pem.c +++ b/common/tests/test-pem.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include #include @@ -125,7 +125,6 @@ struct { }; typedef struct { - CuTest *cu; int input_index; int output_index; int parsed; @@ -139,8 +138,8 @@ on_parse_pem_success (const char *type, { Closure *cl = user_data; - CuAssertIntEquals (cl->cu, success_fixtures[cl->input_index].output[cl->output_index].length, length); - CuAssertTrue (cl->cu, memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, + assert_num_eq (success_fixtures[cl->input_index].output[cl->output_index].length, length); + assert (memcmp (success_fixtures[cl->input_index].output[cl->output_index].data, contents, success_fixtures[cl->input_index].output[cl->output_index].length) == 0); cl->output_index++; @@ -148,7 +147,7 @@ on_parse_pem_success (const char *type, } static void -test_pem_success (CuTest *cu) +test_pem_success (void) { Closure cl; int ret; @@ -156,7 +155,6 @@ test_pem_success (CuTest *cu) int j; for (i = 0; success_fixtures[i].input != NULL; i++) { - cl.cu = cu; cl.input_index = i; cl.output_index = 0; cl.parsed = 0; @@ -164,12 +162,12 @@ test_pem_success (CuTest *cu) ret = p11_pem_parse (success_fixtures[i].input, strlen (success_fixtures[i].input), on_parse_pem_success, &cl); - CuAssertTrue (cu, success_fixtures[i].output[cl.output_index].type == NULL); + assert (success_fixtures[i].output[cl.output_index].type == NULL); /* Count number of outputs, return from p11_pem_parse() should match */ for (j = 0; success_fixtures[i].output[j].type != NULL; j++); - CuAssertIntEquals (cu, j, ret); - CuAssertIntEquals (cu, ret, cl.parsed); + assert_num_eq (j, ret); + assert_num_eq (ret, cl.parsed); } } @@ -215,20 +213,19 @@ on_parse_pem_failure (const char *type, size_t length, void *user_data) { - CuTest *cu = user_data; - CuAssertTrue (cu, false && "not reached"); + assert (false && "not reached"); } static void -test_pem_failure (CuTest *cu) +test_pem_failure (void) { int ret; int i; for (i = 0; failure_fixtures[i] != NULL; i++) { ret = p11_pem_parse (failure_fixtures[i], strlen (failure_fixtures[i]), - on_parse_pem_failure, cu); - CuAssertIntEquals (cu, 0, ret); + on_parse_pem_failure, NULL); + assert_num_eq (0, ret); } } @@ -239,11 +236,6 @@ typedef struct { const char *output; } WriteFixture; -typedef struct { - CuTest *cu; - WriteFixture *fixture; -} WriteClosure; - static WriteFixture write_fixtures[] = { { "\x69\x83\x4d\x5e\xab\x21\x95\x5c\x42\x76\x8f\x10\x7c\xa7\x97\x87" @@ -303,18 +295,17 @@ on_parse_written (const char *type, size_t length, void *user_data) { - WriteClosure *cl = user_data; + WriteFixture *fixture = user_data; - CuAssertStrEquals (cl->cu, cl->fixture->type, type); - CuAssertIntEquals (cl->cu, cl->fixture->length, length); - CuAssertTrue (cl->cu, memcmp (contents, cl->fixture->input, length) == 0); + assert_str_eq (fixture->type, type); + assert_num_eq (fixture->length, length); + assert (memcmp (contents, fixture->input, length) == 0); } static void -test_pem_write (CuTest *cu) +test_pem_write (void) { WriteFixture *fixture; - WriteClosure cl; size_t length; char *output; unsigned int count; @@ -326,37 +317,22 @@ test_pem_write (CuTest *cu) output = p11_pem_write ((unsigned char *)fixture->input, fixture->length, fixture->type, &length); - CuAssertStrEquals (cu, fixture->output, output); - CuAssertIntEquals (cu, strlen (fixture->output), length); - - cl.fixture = fixture; - cl.cu = cu; + assert_str_eq (fixture->output, output); + assert_num_eq (strlen (fixture->output), length); - count = p11_pem_parse (output, length, on_parse_written, &cl); - CuAssertIntEquals (cu, 1, count); + count = p11_pem_parse (output, length, on_parse_written, fixture); + assert_num_eq (1, count); free (output); } } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_pem_success); - SUITE_ADD_TEST (suite, test_pem_failure); - SUITE_ADD_TEST (suite, test_pem_write); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_pem_success, "/pem/success"); + p11_test (test_pem_failure, "/pem/failure"); + p11_test (test_pem_write, "/pem/write"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-url.c b/common/tests/test-url.c index ed84f0c..4c62594 100644 --- a/common/tests/test-url.c +++ b/common/tests/test-url.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include "debug.h" #include "message.h" @@ -46,9 +46,9 @@ #include "url.h" static void -check_decode_msg (CuTest *tc, - const char *file, +check_decode_msg (const char *file, int line, + const char *function, const char *input, ssize_t input_len, const char *expected, @@ -62,106 +62,97 @@ check_decode_msg (CuTest *tc, decoded = p11_url_decode (input, input + input_len, "", &length); if (expected == NULL) { - CuAssert_Line (tc, file, line, "decoding should have failed", decoded == NULL); + if (decoded != NULL) + p11_test_fail (file, line, function, "decoding should have failed"); } else { - CuAssert_Line (tc, file, line, "decoding failed", decoded != NULL); - CuAssertIntEquals_LineMsg (tc, file, line, "wrong length", expected_len, length); - CuAssert_Line (tc, file, line, "decoded wrong", memcmp (decoded, expected, length) == 0); + if (decoded == NULL) + p11_test_fail (file, line, function, "decoding failed"); + if (expected_len != length) + p11_test_fail (file, line, function, "wrong length: (%lu != %lu)", + (unsigned long)expected_len, (unsigned long)length); + if (memcmp (decoded, expected, length) != 0) + p11_test_fail (file, line, function, "decoding wrong"); free (decoded); } } -#define check_decode_success(tc, input, input_len, expected, expected_len) \ - check_decode_msg (tc, __FILE__, __LINE__, input, input_len, expected, expected_len) +#define check_decode_success(input, input_len, expected, expected_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, expected, expected_len) -#define check_decode_failure(tc, input, input_len) \ - check_decode_msg (tc, __FILE__, __LINE__, input, input_len, NULL, 0) +#define check_decode_failure(input, input_len) \ + check_decode_msg (__FILE__, __LINE__, __FUNCTION__, input, input_len, NULL, 0) static void -test_decode_success (CuTest *tc) +test_decode_success (void) { - check_decode_success (tc, "%54%45%53%54%00", -1, "TEST", 5); - check_decode_success (tc, "%54%45%53%54%00", 6, "TE", 2); - check_decode_success (tc, "%54est%00", -1, "Test", 5); + check_decode_success ("%54%45%53%54%00", -1, "TEST", 5); + check_decode_success ("%54%45%53%54%00", 6, "TE", 2); + check_decode_success ("%54est%00", -1, "Test", 5); } static void -test_decode_skip (CuTest *tc) +test_decode_skip (void) { const char *input = "%54 %45 %53 %54 %00"; unsigned char *decoded; size_t length; decoded = p11_url_decode (input, input + strlen (input), P11_URL_WHITESPACE, &length); - CuAssertStrEquals (tc, "TEST", (char *)decoded); - CuAssertIntEquals (tc, 5, length); + assert_str_eq ("TEST", (char *)decoded); + assert_num_eq (5, length); free (decoded); } static void -test_decode_failure (CuTest *tc) +test_decode_failure (void) { /* Early termination */ - check_decode_failure (tc, "%54%45%53%5", -1); - check_decode_failure (tc, "%54%45%53%", -1); + check_decode_failure ("%54%45%53%5", -1); + check_decode_failure ("%54%45%53%", -1); /* Not hex characters */ - check_decode_failure (tc, "%54%XX%53%54%00", -1); + check_decode_failure ("%54%XX%53%54%00", -1); } static void -test_encode (CuTest *tc) +test_encode (void) { const unsigned char *input = (unsigned char *)"TEST"; char *encoded; size_t length; encoded = p11_url_encode (input, input + 5, "", &length); - CuAssertStrEquals (tc, "%54%45%53%54%00", (char *)encoded); - CuAssertIntEquals (tc, 15, length); + assert_str_eq ("%54%45%53%54%00", (char *)encoded); + assert_num_eq (15, length); free (encoded); } static void -test_encode_verbatim (CuTest *tc) +test_encode_verbatim (void) { const unsigned char *input = (unsigned char *)"TEST"; char *encoded; size_t length; encoded = p11_url_encode (input, input + 5, "ES", &length); - CuAssertStrEquals (tc, "%54ES%54%00", (char *)encoded); - CuAssertIntEquals (tc, 11, length); + assert_str_eq ("%54ES%54%00", (char *)encoded); + assert_num_eq (11, length); free (encoded); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_decode_success); - SUITE_ADD_TEST (suite, test_decode_skip); - SUITE_ADD_TEST (suite, test_decode_failure); - - SUITE_ADD_TEST (suite, test_encode); - SUITE_ADD_TEST (suite, test_encode_verbatim); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - return ret; + p11_test (test_decode_success, "/url/decode-success"); + p11_test (test_decode_skip, "/url/decode-skip"); + p11_test (test_decode_failure, "/url/decode-failure"); + + p11_test (test_encode, "/url/encode"); + p11_test (test_encode_verbatim, "/url/encode-verbatim"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-utf8.c b/common/tests/test-utf8.c index ed13fa2..9b2c3d5 100644 --- a/common/tests/test-utf8.c +++ b/common/tests/test-utf8.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include "utf8.h" @@ -43,7 +43,7 @@ #define ELEMS(x) (sizeof (x) / sizeof (x[0])) static void -test_ucs2be (CuTest *cu) +test_ucs2be (void) { char *output; size_t length; @@ -73,14 +73,14 @@ test_ucs2be (CuTest *cu) fixtures[i].input_len, &length); - CuAssertIntEquals (cu, fixtures[i].output_len, length); - CuAssertStrEquals (cu, fixtures[i].output, output); + assert_num_eq (fixtures[i].output_len, length); + assert_str_eq (fixtures[i].output, output); free (output); } } static void -test_ucs2be_fail (CuTest *cu) +test_ucs2be_fail (void) { char *output; size_t length; @@ -97,12 +97,12 @@ test_ucs2be_fail (CuTest *cu) output = p11_utf8_for_ucs2be (fixtures[i].input, fixtures[i].input_len, &length); - CuAssertPtrEquals (cu, NULL, output); + assert_ptr_eq (NULL, output); } } static void -test_ucs4be (CuTest *cu) +test_ucs4be (void) { char *output; size_t length; @@ -146,15 +146,15 @@ test_ucs4be (CuTest *cu) fixtures[i].input_len, &length); - CuAssertIntEquals (cu, fixtures[i].output_len, length); - CuAssertStrEquals (cu, fixtures[i].output, output); + assert_num_eq (fixtures[i].output_len, length); + assert_str_eq (fixtures[i].output, output); free (output); } } static void -test_ucs4be_fail (CuTest *cu) +test_ucs4be_fail (void) { char *output; size_t length; @@ -179,12 +179,12 @@ test_ucs4be_fail (CuTest *cu) output = p11_utf8_for_ucs4be (fixtures[i].input, fixtures[i].input_len, &length); - CuAssertPtrEquals (cu, NULL, output); + assert_ptr_eq (NULL, output); } } static void -test_utf8 (CuTest *cu) +test_utf8 (void) { bool ret; int i; @@ -203,12 +203,12 @@ test_utf8 (CuTest *cu) for (i = 0; i < ELEMS (fixtures); i++) { ret = p11_utf8_validate (fixtures[i].input, fixtures[i].input_len); - CuAssertIntEquals (cu, true, ret); + assert_num_eq (true, ret); } } static void -test_utf8_fail (CuTest *cu) +test_utf8_fail (void) { bool ret; int i; @@ -226,31 +226,19 @@ test_utf8_fail (CuTest *cu) for (i = 0; i < ELEMS (fixtures); i++) { ret = p11_utf8_validate (fixtures[i].input, fixtures[i].input_len); - CuAssertIntEquals (cu, false, ret); + assert_num_eq (false, ret); } } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - SUITE_ADD_TEST (suite, test_ucs2be); - SUITE_ADD_TEST (suite, test_ucs2be_fail); - SUITE_ADD_TEST (suite, test_ucs4be); - SUITE_ADD_TEST (suite, test_ucs4be_fail); - SUITE_ADD_TEST (suite, test_utf8); - SUITE_ADD_TEST (suite, test_utf8_fail); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_test (test_ucs2be, "/utf8/ucs2be"); + p11_test (test_ucs2be_fail, "/utf8/ucs2be_fail"); + p11_test (test_ucs4be, "/utf8/ucs4be"); + p11_test (test_ucs4be_fail, "/utf8/ucs4be_fail"); + p11_test (test_utf8, "/utf8/utf8"); + p11_test (test_utf8_fail, "/utf8/utf8_fail"); + return p11_test_run (argc, argv); } diff --git a/common/tests/test-x509.c b/common/tests/test-x509.c index 2596c9c..9f7d258 100644 --- a/common/tests/test-x509.c +++ b/common/tests/test-x509.c @@ -33,7 +33,7 @@ */ #include "config.h" -#include "CuTest.h" +#include "test.h" #include "asn1.h" #include "debug.h" @@ -51,14 +51,14 @@ struct { } test; static void -setup (CuTest *cu) +setup (void *unused) { test.asn1_defs = p11_asn1_defs_load (); - CuAssertPtrNotNull (cu, test.asn1_defs); + assert_ptr_not_null (test.asn1_defs); } static void -teardown (CuTest *cu) +teardown (void *unused) { p11_dict_free (test.asn1_defs); memset (&test, 0, sizeof (test)); @@ -226,29 +226,25 @@ struct { }; static void -test_parse_extended_key_usage (CuTest *cu) +test_parse_extended_key_usage (void) { p11_array *ekus; int i, j, count; - setup (cu); - for (i = 0; extended_key_usage_fixtures[i].eku != NULL; i++) { ekus = p11_x509_parse_extended_key_usage (test.asn1_defs, (const unsigned char *)extended_key_usage_fixtures[i].eku, extended_key_usage_fixtures[i].length); - CuAssertPtrNotNull (cu, ekus); + assert_ptr_not_null (ekus); for (count = 0; extended_key_usage_fixtures[i].expected[count] != NULL; count++); - CuAssertIntEquals (cu, count, ekus->num); + assert_num_eq (count, ekus->num); for (j = 0; j < count; j++) - CuAssertStrEquals (cu, ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); + assert_str_eq (ekus->elem[j], extended_key_usage_fixtures[i].expected[j]); p11_array_free (ekus); } - - teardown (cu); } struct { @@ -263,82 +259,70 @@ struct { }; static void -test_parse_key_usage (CuTest *cu) +test_parse_key_usage (void) { unsigned int ku; int i; bool ret; - setup (cu); - for (i = 0; key_usage_fixtures[i].ku != NULL; i++) { ku = 0; ret = p11_x509_parse_key_usage (test.asn1_defs, (const unsigned char *)key_usage_fixtures[i].ku, key_usage_fixtures[i].length, &ku); - CuAssertIntEquals (cu, true, ret); + assert_num_eq (true, ret); - CuAssertIntEquals (cu, key_usage_fixtures[i].expected, ku); + assert_num_eq (key_usage_fixtures[i].expected, ku); } - - teardown (cu); } static void -test_parse_extension (CuTest *cu) +test_parse_extension (void) { node_asn *cert; unsigned char *ext; size_t length; bool is_ca; - setup (cu); - cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - CuAssertPtrNotNull (cu, cert); + assert_ptr_not_null (cert); ext = p11_x509_find_extension (cert, P11_OID_BASIC_CONSTRAINTS, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), &length); - CuAssertPtrNotNull (cu, ext); - CuAssertTrue (cu, length > 0); + assert_ptr_not_null (ext); + assert (length > 0); asn1_delete_structure (&cert); if (!p11_x509_parse_basic_constraints (test.asn1_defs, ext, length, &is_ca)) - CuFail (cu, "failed to parse message"); + assert_fail ("failed to parse message", "basic constraints"); free (ext); - - teardown (cu); } static void -test_parse_extension_not_found (CuTest *cu) +test_parse_extension_not_found (void) { node_asn *cert; unsigned char *ext; size_t length; - setup (cu); - cert = p11_asn1_decode (test.asn1_defs, "PKIX1.Certificate", test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL); - CuAssertPtrNotNull (cu, cert); + assert_ptr_not_null (cert); ext = p11_x509_find_extension (cert, P11_OID_OPENSSL_REJECT, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), &length); - CuAssertPtrEquals (cu, NULL, ext); + assert_ptr_eq (NULL, ext); asn1_delete_structure (&cert); - - teardown (cu); } static void -test_directory_string (CuTest *tc) +test_directory_string (void) { struct { unsigned char input[100]; @@ -392,17 +376,17 @@ test_directory_string (CuTest *tc) string = p11_x509_parse_directory_string (fixtures[i].input, fixtures[i].input_len, &unknown, &length); - CuAssertPtrNotNull (tc, string); - CuAssertIntEquals (tc, false, unknown); + assert_ptr_not_null (string); + assert_num_eq (false, unknown); - CuAssertIntEquals (tc, fixtures[i].output_len, length); - CuAssertStrEquals (tc, fixtures[i].output, string); + assert_num_eq (fixtures[i].output_len, length); + assert_str_eq (fixtures[i].output, string); free (string); } } static void -test_directory_string_unknown (CuTest *tc) +test_directory_string_unknown (void) { /* Not a valid choice in DirectoryString */ unsigned char input[] = { 0x05, 0x07, 'A', ' ', ' ', 'n', 'i', 'c', 'e' }; @@ -411,34 +395,22 @@ test_directory_string_unknown (CuTest *tc) size_t length; string = p11_x509_parse_directory_string (input, sizeof (input), &unknown, &length); - CuAssertPtrEquals (tc, NULL, string); - CuAssertIntEquals (tc, true, unknown); + assert_ptr_eq (NULL, string); + assert_num_eq (true, unknown); } int -main (void) +main (int argc, + char *argv[]) { - CuString *output = CuStringNew (); - CuSuite* suite = CuSuiteNew (); - int ret; - - putenv ("P11_KIT_STRICT=1"); - p11_debug_init (); - - SUITE_ADD_TEST (suite, test_parse_extended_key_usage); - SUITE_ADD_TEST (suite, test_parse_key_usage); - SUITE_ADD_TEST (suite, test_parse_extension); - SUITE_ADD_TEST (suite, test_parse_extension_not_found); - SUITE_ADD_TEST (suite, test_directory_string); - SUITE_ADD_TEST (suite, test_directory_string_unknown); - - CuSuiteRun (suite); - CuSuiteSummary (suite, output); - CuSuiteDetails (suite, output); - printf ("%s\n", output->buffer); - ret = suite->failCount; - CuSuiteDelete (suite); - CuStringDelete (output); - - return ret; + p11_fixture (setup, teardown); + p11_test (test_parse_extended_key_usage, "/x509/parse-extended-key-usage"); + p11_test (test_parse_key_usage, "/x509/parse-key-usage"); + p11_test (test_parse_extension, "/x509/parse-extension"); + p11_test (test_parse_extension_not_found, "/x509/parse-extension-not-found"); + + p11_fixture (NULL, NULL); + p11_test (test_directory_string, "/x509/directory-string"); + p11_test (test_directory_string_unknown, "/x509/directory-string-unknown"); + return p11_test_run (argc, argv); } diff --git a/config.guess b/config.guess index b79252d..1804e9f 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012, 2013 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2012-12-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -24,7 +26,7 @@ timestamp='2013-06-10' # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD @@ -50,7 +52,9 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, +2012, 2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -132,27 +136,6 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_SYSTEM}" in -Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu - - eval $set_cc_for_build - cat <<-EOF > $dummy.c - #include - #if defined(__UCLIBC__) - LIBC=uclibc - #elif defined(__dietlibc__) - LIBC=dietlibc - #else - LIBC=gnu - #endif - EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` - ;; -esac - # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -874,21 +857,21 @@ EOF exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -901,54 +884,59 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + echo ${UNAME_MACHINE}-unknown-linux-gnueabi else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + echo ${UNAME_MACHINE}-unknown-linux-gnueabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo ${UNAME_MACHINE}-axis-linux-gnu exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + LIBC=gnu + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #ifdef __dietlibc__ + LIBC=dietlibc + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build @@ -967,63 +955,54 @@ EOF #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} - exit ;; or32:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} + echo sparc-unknown-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} + echo hppa64-unknown-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} + echo powerpc64-unknown-linux-gnu exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} - exit ;; - ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} - exit ;; - ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} + echo powerpc-unknown-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} + echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-unknown-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1256,21 +1235,19 @@ EOF exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc - fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi - fi + case $UNAME_PROCESSOR in + i386) + eval $set_cc_for_build + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + UNAME_PROCESSOR="x86_64" + fi + fi ;; + unknown) UNAME_PROCESSOR=powerpc ;; + esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) diff --git a/config.h.in b/config.h.in index 8ee8d98..85eba79 100644 --- a/config.h.in +++ b/config.h.in @@ -206,6 +206,9 @@ /* Print debug output */ #undef WITH_DEBUG +/* Use libffi for building closures */ +#undef WITH_FFI + /* More strict checks */ #undef WITH_STRICT diff --git a/config.sub b/config.sub index c765b34..52f04bc 100755 --- a/config.sub +++ b/config.sub @@ -1,8 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +# 2011, 2012, 2013 Free Software Foundation, Inc. -timestamp='2013-04-24' +timestamp='2012-12-29' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -68,7 +70,9 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, +2012, 2013 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -252,7 +256,7 @@ case $basic_machine in | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ - | arc | arceb \ + | arc \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ | be32 | be64 \ @@ -286,17 +290,16 @@ case $basic_machine in | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ + | nios | nios2 \ | ns16k | ns32k \ | open8 \ - | or1k | or32 \ + | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ @@ -366,7 +369,7 @@ case $basic_machine in | aarch64-* | aarch64_be-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | be32-* | be64-* \ @@ -404,13 +407,12 @@ case $basic_machine in | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ | orion-* \ @@ -1352,7 +1354,7 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ - | -sym* | -kopensolaris* | -plan9* \ + | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ @@ -1498,6 +1500,9 @@ case $os in -aros*) os=-aros ;; + -kaos*) + os=-kaos + ;; -zvmoe) os=-zvmoe ;; @@ -1589,9 +1594,6 @@ case $basic_machine in mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff --git a/configure b/configure index 95e4170..bb743ef 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for p11-kit 0.18.4. +# Generated by GNU Autoconf 2.69 for p11-kit 0.19.1. # # Report bugs to . # @@ -591,8 +591,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='p11-kit' PACKAGE_TARNAME='p11-kit' -PACKAGE_VERSION='0.18.4' -PACKAGE_STRING='p11-kit 0.18.4' +PACKAGE_VERSION='0.19.1' +PACKAGE_STRING='p11-kit 0.19.1' PACKAGE_BUGREPORT='https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue' PACKAGE_URL='http://p11-glue.freedesktop.org/p11-kit.html' @@ -664,13 +664,14 @@ GTKDOC_CHECK with_trust_paths WITH_TRUST_MODULE_FALSE WITH_TRUST_MODULE_TRUE +WITH_FFI_FALSE +WITH_FFI_TRUE +LIBFFI_LIBS +LIBFFI_CFLAGS WITH_ASN1_FALSE WITH_ASN1_TRUE LIBTASN1_LIBS LIBTASN1_CFLAGS -PKG_CONFIG_LIBDIR -PKG_CONFIG_PATH -PKG_CONFIG p11_module_path p11_user_config_modules p11_user_config_file @@ -681,6 +682,9 @@ p11_system_config_file p11_system_config OS_WIN32_FALSE OS_WIN32_TRUE +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG POSUB LTLIBINTL LIBINTL @@ -833,6 +837,7 @@ with_libintl_prefix with_system_config with_module_path with_libtasn1 +with_libffi enable_trust_module with_trust_paths with_html_dir @@ -856,7 +861,9 @@ PKG_CONFIG PKG_CONFIG_PATH PKG_CONFIG_LIBDIR LIBTASN1_CFLAGS -LIBTASN1_LIBS' +LIBTASN1_LIBS +LIBFFI_CFLAGS +LIBFFI_LIBS' # Initialize some variables set by options. @@ -1397,7 +1404,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures p11-kit 0.18.4 to adapt to many kinds of systems. +\`configure' configures p11-kit 0.19.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1467,7 +1474,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of p11-kit 0.18.4:";; + short | recursive ) echo "Configuration of p11-kit 0.19.1:";; esac cat <<\_ACEOF @@ -1519,6 +1526,7 @@ Optional Packages: --with-module-path Load modules with relative path names from here --without-libtasn1 Disable dependency on libtasn1 + --without-libffi Don't use libffi for building closures --with-trust-paths=[path]: input paths for trust module @@ -1543,6 +1551,9 @@ Some influential environment variables: C compiler flags for LIBTASN1, overriding pkg-config LIBTASN1_LIBS linker flags for LIBTASN1, overriding pkg-config + LIBFFI_CFLAGS + C compiler flags for LIBFFI, overriding pkg-config + LIBFFI_LIBS linker flags for LIBFFI, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1611,7 +1622,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -p11-kit configure 0.18.4 +p11-kit configure 0.19.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2137,7 +2148,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by p11-kit $as_me 0.18.4, which was +It was created by p11-kit $as_me 0.19.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4331,7 +4342,7 @@ fi # Define the identity of the package. PACKAGE='p11-kit' - VERSION='0.18.4' + VERSION='0.19.1' cat >>confdefs.h <<_ACEOF @@ -4371,16 +4382,11 @@ mkdir_p='$(MKDIR_P)' # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' - -# We'll loop over all known methods to create a tar archive until one works. -_am_tools='gnutar pax cpio none' - am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' - depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 @@ -14694,6 +14700,126 @@ fi + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + LINGUAS="" @@ -16519,126 +16645,6 @@ if test "${with_libtasn1+set}" = set; then : fi - - - - - - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi - -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi -fi if test "$with_libtasn1" != "no"; then : @@ -16735,6 +16741,153 @@ fi # -------------------------------------------------------------------- +# libffi + + +# Check whether --with-libffi was given. +if test "${with_libffi+set}" = set; then : + withval=$with_libffi; +fi + + +if test "$with_libffi" != "no"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBFFI" >&5 +$as_echo_n "checking for LIBFFI... " >&6; } + +if test -n "$LIBFFI_CFLAGS"; then + pkg_cv_LIBFFI_CFLAGS="$LIBFFI_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libffi >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libffi >= 3.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBFFI_CFLAGS=`$PKG_CONFIG --cflags "libffi >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBFFI_LIBS"; then + pkg_cv_LIBFFI_LIBS="$LIBFFI_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libffi >= 3.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libffi >= 3.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBFFI_LIBS=`$PKG_CONFIG --libs "libffi >= 3.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBFFI_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libffi >= 3.0.0" 2>&1` + else + LIBFFI_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libffi >= 3.0.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBFFI_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libffi >= 3.0.0) were not met: + +$LIBFFI_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables LIBFFI_CFLAGS +and LIBFFI_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables LIBFFI_CFLAGS +and LIBFFI_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + LIBFFI_CFLAGS=$pkg_cv_LIBFFI_CFLAGS + LIBFFI_LIBS=$pkg_cv_LIBFFI_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +cat >>confdefs.h <<_ACEOF +#define WITH_FFI 1 +_ACEOF + + + + + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $LIBFFI_CFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + #if FFI_CLOSURES + #else + #error no closures + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + as_fn_error $? "the libffi on this system has no support for closures." "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$SAVE_CFLAGS" + + with_libffi="yes" +fi + + if test "$with_libffi" = "yes"; then + WITH_FFI_TRUE= + WITH_FFI_FALSE='#' +else + WITH_FFI_TRUE='#' + WITH_FFI_FALSE= +fi + + +# -------------------------------------------------------------------- # Trust Module # Check whether --enable-trust-module was given. @@ -17437,17 +17590,7 @@ _ACEOF break done -case "$host" in -*-*-darwin*) - # It seems like libtool lies about this see: - # https://bugs.freedesktop.org/show_bug.cgi?id=57714 - SHLEXT='.so' - ;; -*) - eval SHLEXT=$shrext_cmds - ;; -esac - +eval SHLEXT=$shrext_cmds cat >>confdefs.h <<_ACEOF #define SHLEXT "$SHLEXT" @@ -17458,7 +17601,7 @@ _ACEOF privatedir='${libdir}/p11-kit' -ac_config_files="$ac_config_files Makefile build/Makefile build/certs/Makefile common/Makefile common/tests/Makefile doc/Makefile doc/manual/Makefile doc/manual/version.xml po/Makefile.in p11-kit/Makefile p11-kit/tests/Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example tools/Makefile tools/tests/Makefile trust/Makefile trust/p11-kit-extract-trust trust/tests/Makefile" +ac_config_files="$ac_config_files Makefile build/Makefile build/certs/Makefile common/Makefile common/tests/Makefile doc/Makefile doc/manual/Makefile doc/manual/version.xml po/Makefile.in p11-kit/Makefile p11-kit/tests/Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example tools/Makefile tools/p11-kit-extract-trust tools/tests/Makefile trust/Makefile trust/tests/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -17614,6 +17757,10 @@ if test -z "${WITH_ASN1_TRUE}" && test -z "${WITH_ASN1_FALSE}"; then as_fn_error $? "conditional \"WITH_ASN1\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${WITH_FFI_TRUE}" && test -z "${WITH_FFI_FALSE}"; then + as_fn_error $? "conditional \"WITH_FFI\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${WITH_TRUST_MODULE_TRUE}" && test -z "${WITH_TRUST_MODULE_FALSE}"; then as_fn_error $? "conditional \"WITH_TRUST_MODULE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -18039,7 +18186,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by p11-kit $as_me 0.18.4, which was +This file was extended by p11-kit $as_me 0.19.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18106,7 +18253,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -p11-kit config.status 0.18.4 +p11-kit config.status 0.19.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -18537,9 +18684,9 @@ do "p11-kit/p11-kit-1.pc") CONFIG_FILES="$CONFIG_FILES p11-kit/p11-kit-1.pc" ;; "p11-kit/pkcs11.conf.example") CONFIG_FILES="$CONFIG_FILES p11-kit/pkcs11.conf.example" ;; "tools/Makefile") CONFIG_FILES="$CONFIG_FILES tools/Makefile" ;; + "tools/p11-kit-extract-trust") CONFIG_FILES="$CONFIG_FILES tools/p11-kit-extract-trust" ;; "tools/tests/Makefile") CONFIG_FILES="$CONFIG_FILES tools/tests/Makefile" ;; "trust/Makefile") CONFIG_FILES="$CONFIG_FILES trust/Makefile" ;; - "trust/p11-kit-extract-trust") CONFIG_FILES="$CONFIG_FILES trust/p11-kit-extract-trust" ;; "trust/tests/Makefile") CONFIG_FILES="$CONFIG_FILES trust/tests/Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; @@ -19188,7 +19335,7 @@ $as_echo X"$mf" | DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` - test -z "$am__include" && continue + test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the @@ -20030,6 +20177,7 @@ trust_status=$(echo "$with_trust_paths" | sed -e "s/:/$indent/g") Load relative module paths from: $p11_module_path With libtasn1 dependency: $with_libtasn1 + With libffi: $with_libffi Build trust module: $enable_trust_module Trust module paths: $trust_status @@ -20049,6 +20197,7 @@ $as_echo "$as_me: build options: Load relative module paths from: $p11_module_path With libtasn1 dependency: $with_libtasn1 + With libffi: $with_libffi Build trust module: $enable_trust_module Trust module paths: $trust_status diff --git a/configure.ac b/configure.ac index 298fb10..b09e122 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,7 @@ AC_PREREQ(2.61) AC_INIT([p11-kit], - [0.18.4], + [0.19.1], [https://bugs.freedesktop.org/enter_bug.cgi?product=p11-glue], [p11-kit], [http://p11-glue.freedesktop.org/p11-kit.html]) @@ -36,6 +36,7 @@ dnl Checks for programs. AC_PROG_CC AC_PROG_CPP AM_PROG_CC_C_O +PKG_PROG_PKG_CONFIG LINGUAS="" AM_GNU_GETTEXT([external], [need-ngettext]) @@ -156,6 +157,35 @@ AS_IF([test "$with_libtasn1" != "no"], [ AM_CONDITIONAL(WITH_ASN1, test "$with_libtasn1" = "yes") # -------------------------------------------------------------------- +# libffi + +AC_ARG_WITH([libffi], + AS_HELP_STRING([--without-libffi], + [Don't use libffi for building closures])) + +if test "$with_libffi" != "no"; then + PKG_CHECK_MODULES(LIBFFI, [libffi >= 3.0.0]) + AC_DEFINE_UNQUOTED(WITH_FFI, 1, [Use libffi for building closures]) + AC_SUBST(LIBFFI_CFLAGS) + AC_SUBST(LIBFFI_LIBS) + + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $LIBFFI_CFLAGS" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ], + [ #if FFI_CLOSURES + #else + #error no closures + #endif + ])], + [], [AC_MSG_ERROR([the libffi on this system has no support for closures.])]) + CFLAGS="$SAVE_CFLAGS" + + with_libffi="yes" +fi + +AM_CONDITIONAL(WITH_FFI, test "$with_libffi" = "yes") + +# -------------------------------------------------------------------- # Trust Module AC_ARG_ENABLE([trust-module], @@ -398,17 +428,7 @@ echo $PACKAGE_VERSION | tr '.' ' ' | while read major minor unused; do break done -case "$host" in -*-*-darwin*) - # It seems like libtool lies about this see: - # https://bugs.freedesktop.org/show_bug.cgi?id=57714 - SHLEXT='.so' - ;; -*) - eval SHLEXT=$shrext_cmds - ;; -esac - +eval SHLEXT=$shrext_cmds AC_DEFINE_UNQUOTED(SHLEXT, ["$SHLEXT"], [File extension for shared libraries]) AC_SUBST(SHLEXT) @@ -429,9 +449,9 @@ AC_CONFIG_FILES([Makefile p11-kit/p11-kit-1.pc p11-kit/pkcs11.conf.example tools/Makefile + tools/p11-kit-extract-trust tools/tests/Makefile trust/Makefile - trust/p11-kit-extract-trust trust/tests/Makefile ]) AC_OUTPUT @@ -454,6 +474,7 @@ AC_MSG_NOTICE([build options: Load relative module paths from: $p11_module_path With libtasn1 dependency: $with_libtasn1 + With libffi: $with_libffi Build trust module: $enable_trust_module Trust module paths: $trust_status diff --git a/depcomp b/depcomp index 4ebd5b3..06b0882 100755 --- a/depcomp +++ b/depcomp @@ -1,7 +1,7 @@ #! /bin/sh # depcomp - compile a program generating dependencies as side-effects -scriptversion=2013-05-30.07; # UTC +scriptversion=2012-10-18.11; # UTC # Copyright (C) 1999-2013 Free Software Foundation, Inc. @@ -552,7 +552,6 @@ $ { G p }' >> "$depfile" - echo >> "$depfile" # make sure the fragment doesn't end with a backslash rm -f "$tmpdepfile" ;; diff --git a/doc/Makefile.in b/doc/Makefile.in index 884056e..adc16ee 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,51 +14,23 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -225,6 +197,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -385,12 +359,13 @@ clean-libtool: # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): - @fail=; \ - if $(am__make_keepgoing); then \ - failcom='fail=yes'; \ - else \ - failcom='exit 1'; \ - fi; \ + @fail= failcom='exit 1'; \ + for f in x $$MAKEFLAGS; do \ + case $$f in \ + *=* | --[!k]*);; \ + *k*) failcom='fail=yes';; \ + esac; \ + done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index cf4e49d..e306fb1 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am @@ -52,14 +52,18 @@ IGNORE_HFILES= \ conf.h \ debug.h \ dict.h \ - mock-module.h \ + log.h \ + mock.h \ + modules.h \ pkcs11.h \ pkcs11x.h \ private.h \ + proxy.h \ util.h \ + virtual.h \ array.h \ compat.h \ - mock-module.h + $(NULL) # Images to copy into HTML directory. # e.g. HTML_IMAGES=$(top_srcdir)/gtk/stock-icons/stock_about_24.png @@ -69,6 +73,7 @@ HTML_IMAGES= # e.g. content_files=running.sgml building.sgml changes-2.0.sgml content_files=p11-kit-config.xml p11-kit-sharing.xml \ p11-kit-devel.xml \ + p11-kit-proxy.xml \ p11-kit-trust.xml \ p11-kit.xml \ pkcs11.conf.xml \ diff --git a/doc/manual/Makefile.in b/doc/manual/Makefile.in index 6a30a4a..2bb89d9 100644 --- a/doc/manual/Makefile.in +++ b/doc/manual/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.13.4 from Makefile.am. +# Makefile.in generated by automake 1.13.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2012 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,51 +20,23 @@ # Everything below here is generic # #################################### VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ +am__make_dryrun = \ + { \ + am__dry=no; \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -204,6 +176,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LCOV = @LCOV@ LD = @LD@ LDFLAGS = @LDFLAGS@ +LIBFFI_CFLAGS = @LIBFFI_CFLAGS@ +LIBFFI_LIBS = @LIBFFI_LIBS@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ @@ -368,14 +342,18 @@ IGNORE_HFILES = \ conf.h \ debug.h \ dict.h \ - mock-module.h \ + log.h \ + mock.h \ + modules.h \ pkcs11.h \ pkcs11x.h \ private.h \ + proxy.h \ util.h \ + virtual.h \ array.h \ compat.h \ - mock-module.h + $(NULL) # Images to copy into HTML directory. @@ -386,6 +364,7 @@ HTML_IMAGES = # e.g. content_files=running.sgml building.sgml changes-2.0.sgml content_files = p11-kit-config.xml p11-kit-sharing.xml \ p11-kit-devel.xml \ + p11-kit-proxy.xml \ p11-kit-trust.xml \ p11-kit.xml \ pkcs11.conf.xml \ @@ -817,7 +796,7 @@ scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB) fi @touch scan-build.stamp -$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt: scan-build.stamp +$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES): scan-build.stamp @true #### xml #### diff --git a/doc/manual/html/ch01s03.html b/doc/manual/html/ch01s03.html index 6a18829..2a4aaa1 100644 --- a/doc/manual/html/ch01s03.html +++ b/doc/manual/html/ch01s03.html @@ -8,7 +8,7 @@ - + @@ -21,7 +21,7 @@

-Configuration Files

+Configuration Files

A complete configuration consists of several files. These files are text files. Since p11-kit is built to be used in all sorts of environments and at very low levels of the software stack, we @@ -32,6 +32,6 @@

- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/config-example.html b/doc/manual/html/config-example.html index 5dac0f1..cbffa5e 100644 --- a/doc/manual/html/config-example.html +++ b/doc/manual/html/config-example.html @@ -8,7 +8,7 @@ - + @@ -68,6 +68,6 @@ critical: yes
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/config.html b/doc/manual/html/config.html index 90b4291..6284bee 100644 --- a/doc/manual/html/config.html +++ b/doc/manual/html/config.html @@ -8,7 +8,7 @@ - + @@ -44,6 +44,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel-building-style.html b/doc/manual/html/devel-building-style.html index 8ed0019..f773a30 100644 --- a/doc/manual/html/devel-building-style.html +++ b/doc/manual/html/devel-building-style.html @@ -8,7 +8,7 @@ - + @@ -53,6 +53,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel-building.html b/doc/manual/html/devel-building.html index 2ebcede..c3d96d4 100644 --- a/doc/manual/html/devel-building.html +++ b/doc/manual/html/devel-building.html @@ -8,7 +8,7 @@ - + @@ -78,6 +78,9 @@ $ make install

In addition p11-kit has several optional dependencies. If these are not available during the build, then certain features will be disabled.

    +

  • libffi1 for shoring of PKCS#11 modules + between multiple callers in the same process. It is highly recommended that + this dependency be treated as a required dependency.

  • gtk-doc is required to build the reference manual. Use --enable-doc to control this dependency.

    • @@ -154,6 +157,6 @@ $ make install
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel-commands.html b/doc/manual/html/devel-commands.html index 52dd6b8..73b6cf0 100644 --- a/doc/manual/html/devel-commands.html +++ b/doc/manual/html/devel-commands.html @@ -8,7 +8,7 @@ - + @@ -40,6 +40,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel-debugging.html b/doc/manual/html/devel-debugging.html index 12725fa..276902c 100644 --- a/doc/manual/html/devel-debugging.html +++ b/doc/manual/html/devel-debugging.html @@ -7,7 +7,7 @@ - + @@ -30,6 +30,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel-paths.html b/doc/manual/html/devel-paths.html index 5e293a6..3c93ace 100644 --- a/doc/manual/html/devel-paths.html +++ b/doc/manual/html/devel-paths.html @@ -8,7 +8,7 @@ - + @@ -55,6 +55,6 @@ $ pkg-config p11-kit-1 --variable p11_module_path<
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel-testing.html b/doc/manual/html/devel-testing.html index aa5b891..f28ac41 100644 --- a/doc/manual/html/devel-testing.html +++ b/doc/manual/html/devel-testing.html @@ -8,7 +8,7 @@ - + @@ -42,6 +42,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/devel.html b/doc/manual/html/devel.html index 2814d0c..fb6968d 100644 --- a/doc/manual/html/devel.html +++ b/doc/manual/html/devel.html @@ -6,14 +6,14 @@ - + - + - + @@ -54,6 +54,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/index.html b/doc/manual/html/index.html index 17fa4bb..ee383a1 100644 --- a/doc/manual/html/index.html +++ b/doc/manual/html/index.html @@ -6,7 +6,7 @@ - + @@ -14,7 +14,7 @@
-

for p11-kit 0.18.4 +

for p11-kit 0.19.1

@@ -29,9 +29,9 @@
Sharing PKCS#11 modules
Multiple consumers of PKCS#11 in a process
-
Solution: p11-kit
-
Solution: proxy module
+
Managed modules
+
Proxy Module
Trust Policy Module
Paths loaded by the Module
@@ -65,6 +65,9 @@
Future — Future Unstable API
+
+Deprecated — Deprecated functions +
API Index
Annotation Glossary
@@ -91,6 +94,6 @@
- Generated by GTK-Doc V1.19
+ Generated by GTK-Doc V1.18 \ No newline at end of file diff --git a/doc/manual/html/index.sgml b/doc/manual/html/index.sgml index 877907d..a6b8101 100644 --- a/doc/manual/html/index.sgml +++ b/doc/manual/html/index.sgml @@ -2,21 +2,29 @@ + - - - - - - - - - + + + + + + + + + + + + + + + + @@ -94,6 +102,7 @@ + @@ -103,7 +112,6 @@ - @@ -121,6 +129,20 @@ + + + + + + + + + + + + + + diff --git a/doc/manual/html/p11-kit-Deprecated.html b/doc/manual/html/p11-kit-Deprecated.html new file mode 100644 index 0000000..afc1c7f --- /dev/null +++ b/doc/manual/html/p11-kit-Deprecated.html @@ -0,0 +1,441 @@ + + + + +Deprecated + + + + + + + + + + + + + + + + + + + +
+
+
+ + +
+

Deprecated

+

Deprecated — Deprecated functions

+
+
+

Synopsis

+
CK_RV               p11_kit_initialize_registered       (void);
+CK_RV               p11_kit_finalize_registered         (void);
+CK_FUNCTION_LIST_PTR * p11_kit_registered_modules       (void);
+char *              p11_kit_registered_module_to_name   (CK_FUNCTION_LIST_PTR module);
+CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module  (const char *name);
+char *              p11_kit_registered_option           (CK_FUNCTION_LIST_PTR module,
+                                                         const char *field);
+CK_RV               p11_kit_initialize_module           (CK_FUNCTION_LIST_PTR module);
+CK_RV               p11_kit_load_initialize_module      (const char *module_path,
+                                                         CK_FUNCTION_LIST_PTR *module);
+CK_RV               p11_kit_finalize_module             (CK_FUNCTION_LIST_PTR module);
+#define             P11_KIT_DEPRECATED_FOR              (f)
+
+
+
+

Description

+

+These functions have been deprecated from p11-kit and are not recommended for +general usage. In large part they were deprecated because they did not adequately +insulate multiple callers of a PKCS#11 module from another, and could not +support the 'managed' mode needed to do this. +

+
+
+

Details

+
+

p11_kit_initialize_registered ()

+
CK_RV               p11_kit_initialize_registered       (void);
+
+

Warning

+

p11_kit_initialize_registered is deprecated and should not be used in newly-written code. Since: 0.19.0: Use p11_kit_modules_load() instead.

+
+

+Initialize all the registered PKCS#11 modules. +

+

+If this is the first time this function is called multiple times +consecutively within a single process, then it merely increments an +initialization reference count for each of these modules. +

+

+Use p11_kit_finalize_registered() to finalize these registered modules once +the caller is done with them. +

+

+If this function fails, then an error message will be available via the +p11_kit_message() function. +

+
++++ + + + + +

Returns :

CKR_OK if the initialization succeeded, or an error code.
+
+
+
+

p11_kit_finalize_registered ()

+
CK_RV               p11_kit_finalize_registered         (void);
+
+

Warning

+

p11_kit_finalize_registered is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_modules_release() instead.

+
+

+Finalize all the registered PKCS#11 modules. These should have been +initialized with p11_kit_initialize_registered(). +

+

+If p11_kit_initialize_registered() has been called more than once in this +process, then this function must be called the same number of times before +actual finalization will occur. +

+

+If this function fails, then an error message will be available via the +p11_kit_message() function. +

+
++++ + + + + +

Returns :

CKR_OK if the finalization succeeded, or an error code.
+
+
+
+

p11_kit_registered_modules ()

+
CK_FUNCTION_LIST_PTR * p11_kit_registered_modules       (void);
+
+

Warning

+

p11_kit_registered_modules is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_modules_load() instead.

+
+

+Get a list of all the registered PKCS#11 modules. This list will be valid +once the p11_kit_initialize_registered() function has been called. +

+

+The returned value is a NULL terminated array of +CK_FUNCTION_LIST_PTR pointers. +

+

+The returned modules are unmanaged. +

+
++++ + + + + +

Returns :

A list of all the registered modules. Use the free() function to +free the list.
+
+
+
+

p11_kit_registered_module_to_name ()

+
char *              p11_kit_registered_module_to_name   (CK_FUNCTION_LIST_PTR module);
+
+

Warning

+

p11_kit_registered_module_to_name is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_module_get_name() instead.

+
+

+Get the name of a registered PKCS#11 module. +

+

+You can use p11_kit_registered_modules() to get a list of all the registered +modules. This name is specified by the registered module configuration. +

+
++++ + + + + + + + + + + +

module :

pointer to a registered module

Returns :

A newly allocated string containing the module name, or +NULL if no such registered module exists. Use free() to +free this string.
+
+
+
+

p11_kit_registered_name_to_module ()

+
CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module  (const char *name);
+
+

Warning

+

p11_kit_registered_name_to_module is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_module_for_name() instead.

+
+

+Lookup a registered PKCS#11 module by its name. This name is specified by +the registered module configuration. +

+
++++ + + + + + + + + + + +

name :

name of a registered module

Returns :

a pointer to a PKCS#11 module, or NULL if this name was +not found.
+
+
+
+

p11_kit_registered_option ()

+
char *              p11_kit_registered_option           (CK_FUNCTION_LIST_PTR module,
+                                                         const char *field);
+
+

Warning

+

p11_kit_registered_option is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_config_option() instead.

+
+

+Lookup a configured option for a registered PKCS#11 module. If a +NULL module argument is specified, then this will lookup +the configuration option in the global config file. +

+
++++ + + + + + + + + + + + + + + +

module :

a pointer to a registered module

field :

the name of the option to lookup.

Returns :

A newly allocated string containing the option value, or +NULL if the registered module or the option were not found. +Use free() to free the returned string.
+
+
+
+

p11_kit_initialize_module ()

+
CK_RV               p11_kit_initialize_module           (CK_FUNCTION_LIST_PTR module);
+
+

Warning

+

p11_kit_initialize_module is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_module_initialize() instead.

+
+

+Initialize an arbitrary PKCS#11 module. Normally using the +p11_kit_initialize_registered() is preferred. +

+

+Using this function to initialize modules allows coordination between +multiple users of the same module in a single process. It should be called +on modules that have been loaded (with dlopen() for example) but not yet +initialized. The caller should not yet have called the module's +C_Initialize method. This function will call +C_Initialize as necessary. +

+

+Subsequent calls to this function for the same module will result in an +initialization count being incremented for the module. It is safe (although +usually unnecessary) to use this function on registered modules. +

+

+The module must be finalized with p11_kit_finalize_module() instead of +calling its C_Finalize method directly. +

+

+This function does not accept a CK_C_INITIALIZE_ARGS argument. +Custom initialization arguments cannot be supported when multiple consumers +load the same module. +

+

+If this function fails, then an error message will be available via the +p11_kit_message() function. +

+
++++ + + + + + + + + + + +

module :

loaded module to initialize.

Returns :

CKR_OK if the initialization was successful.
+
+
+
+

p11_kit_load_initialize_module ()

+
CK_RV               p11_kit_load_initialize_module      (const char *module_path,
+                                                         CK_FUNCTION_LIST_PTR *module);
+
+

Warning

+

p11_kit_load_initialize_module is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_module_load() instead.

+
+

+Load an arbitrary PKCS#11 module from a dynamic library file, and +initialize it. Normally using the p11_kit_initialize_registered() function +is preferred. +

+

+Using this function to load and initialize modules allows coordination between +multiple users of the same module in a single process. The caller should not +call the module's C_Initialize method. This function will call +C_Initialize as necessary. +

+

+If a module has already been loaded, then use of this function is unnecesasry. +Instead use the p11_kit_initialize_module() function to initialize it. +

+

+Subsequent calls to this function for the same module will result in an +initialization count being incremented for the module. It is safe (although +usually unnecessary) to use this function on registered modules. +

+

+The module must be finalized with p11_kit_finalize_module() instead of +calling its C_Finalize method directly. +

+

+This function does not accept a CK_C_INITIALIZE_ARGS argument. +Custom initialization arguments cannot be supported when multiple consumers +load the same module. +

+

+If this function fails, then an error message will be available via the +p11_kit_message() function. +

+
++++ + + + + + + + + + + + + + + +

module_path :

full file path of module library

module :

location to place loaded module pointer

Returns :

CKR_OK if the initialization was successful.
+
+
+
+

p11_kit_finalize_module ()

+
CK_RV               p11_kit_finalize_module             (CK_FUNCTION_LIST_PTR module);
+
+

Warning

+

p11_kit_finalize_module is deprecated and should not be used in newly-written code. Since 0.19.0: Use p11_kit_module_finalize() and + p11_kit_module_release() instead.

+
+

+Finalize an arbitrary PKCS#11 module. The module must have been initialized +using p11_kit_initialize_module(). In most cases callers will want to use +p11_kit_finalize_registered() instead of this function. +

+

+Using this function to finalize modules allows coordination between +multiple users of the same module in a single process. The caller should not +call the module's C_Finalize method. This function will call +C_Finalize as necessary. +

+

+If the module was initialized more than once, then this function will +decrement an initialization count for the module. When the count reaches zero +the module will be truly finalized. It is safe (although usually unnecessary) +to use this function on registered modules if (and only if) they were +initialized using p11_kit_initialize_module() for some reason. +

+

+If this function fails, then an error message will be available via the +p11_kit_message() function. +

+
++++ + + + + + + + + + + +

module :

loaded module to finalize.

Returns :

CKR_OK if the finalization was successful.
+
+
+
+

P11_KIT_DEPRECATED_FOR()

+
#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead")))
+
+
+
+
+
+
+ Generated by GTK-Doc V1.18
+ + \ No newline at end of file diff --git a/doc/manual/html/p11-kit-Future.html b/doc/manual/html/p11-kit-Future.html index 58594f2..1e3c7a7 100644 --- a/doc/manual/html/p11-kit-Future.html +++ b/doc/manual/html/p11-kit-Future.html @@ -7,8 +7,8 @@ - - + + @@ -18,7 +18,7 @@ Up Home p11-kit -Next +Next Top @@ -40,7 +40,6 @@ 
void                p11_kit_set_progname                (const char *progname);
 void                p11_kit_be_quiet                    (void);
 void                p11_kit_be_loud                     (void);
-const char *        p11_kit_message                     (void);
 void                (*p11_kit_destroyer)                (void *data);
 typedef             P11KitIter;
 P11KitIter *        p11_kit_iter_new                    (P11KitUri *uri);
@@ -126,31 +125,6 @@ This is the default behavior, but can be changed using 
-
p11_kit_message ()

-
const char *        p11_kit_message                     (void);

-

-Gets the failure message for a recently called p11-kit function, which
-returned a failure code on this thread. Not all functions set this message.
-Each function that does so, will note it in its documentation.
-

-

-If the most recent p11-kit function did not fail, then this will return NULL.
-The string is owned by the p11-kit library and is only valid on the same
-thread that the failed function executed on.
-

-

----
-
-
-
-
-




Returns :
The last failure message, or NULL.

-
-

-

 
p11_kit_destroyer ()

 
void                (*p11_kit_destroyer)                (void *data);

 

@@ -708,6 +682,6 @@ or callbacks held by the iterator.
 

 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/p11-kit-Modules.html b/doc/manual/html/p11-kit-Modules.html
index 5471ff5..ca7f34d 100644
--- a/doc/manual/html/p11-kit-Modules.html
+++ b/doc/manual/html/p11-kit-Modules.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -37,17 +37,28 @@
 
 

 
Synopsis

-
CK_RV               p11_kit_initialize_registered       (void);
-CK_RV               p11_kit_finalize_registered         (void);
-CK_FUNCTION_LIST_PTR * p11_kit_registered_modules       (void);
-char *              p11_kit_registered_module_to_name   (CK_FUNCTION_LIST_PTR module);
-CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module  (const char *name);
-char *              p11_kit_registered_option           (CK_FUNCTION_LIST_PTR module,
-                                                         const char *field);
-CK_RV               p11_kit_initialize_module           (CK_FUNCTION_LIST_PTR module);
-CK_RV               p11_kit_load_initialize_module      (const char *module_path,
-                                                         CK_FUNCTION_LIST_PTR *module);
-CK_RV               p11_kit_finalize_module             (CK_FUNCTION_LIST_PTR module);
+
#define             P11_KIT_MODULE_CRITICAL
+#define             P11_KIT_MODULE_UNMANAGED
+CK_FUNCTION_LIST ** p11_kit_modules_load_and_initialize (int flags);
+void                p11_kit_modules_finalize_and_release
+                                                        (CK_FUNCTION_LIST **modules);
+CK_FUNCTION_LIST ** p11_kit_modules_load                (const char *reserved,
+                                                         int flags);
+CK_RV               p11_kit_modules_initialize          (CK_FUNCTION_LIST **modules,
+                                                         p11_kit_destroyer failure_callback);
+CK_RV               p11_kit_modules_finalize            (CK_FUNCTION_LIST **modules);
+void                p11_kit_modules_release             (CK_FUNCTION_LIST **modules);
+CK_FUNCTION_LIST *  p11_kit_module_load                 (const char *module_path,
+                                                         int flags);
+CK_RV               p11_kit_module_initialize           (CK_FUNCTION_LIST *module);
+CK_RV               p11_kit_module_finalize             (CK_FUNCTION_LIST *module);
+void                p11_kit_module_release              (CK_FUNCTION_LIST *module);
+CK_FUNCTION_LIST *  p11_kit_module_for_name             (CK_FUNCTION_LIST **modules,
+                                                         const char *name);
+char *              p11_kit_module_get_name             (CK_FUNCTION_LIST *module);
+int                 p11_kit_module_get_flags            (CK_FUNCTION_LIST *module);
+char *              p11_kit_config_option               (CK_FUNCTION_LIST *module,
+                                                         const char *option);
 

 

 

@@ -58,86 +69,125 @@ crypto objects (like keys and certificates) and to perform crypto operations.
 

 

 In order for applications to behave consistently with regard to the user's
-installed PKCS#11 modules, each module must be registered so that applications
+installed PKCS#11 modules, each module must be configured so that applications
 or libraries know that they should load it.
 

 

-The functions here provide support for initializing registered modules. The
-p11_kit_initialize_registered() function should be used to load and initialize
-the registered modules. When done, the p11_kit_finalize_registered() function
-should be used to release those modules and associated resources.
+When multiple consumers of a module (such as libraries or applications) are
+in the same process, coordination of the initialization and finalization
+of PKCS#11 modules is required. To do this modules are managed by p11-kit.
+This means that various unsafe methods are coordinated between callers. Unmanaged
+modules are simply the raw PKCS#11 module pointers without p11-kit getting in the
+way. It is highly recommended that the default managed behavior is used.
 

 

-In addition p11_kit_registered_option() can be used to access other parts
-of the module configuration.
+The functions here provide support for initializing configured modules. The
+p11_kit_modules_load() function should be used to load and initialize
+the configured modules. When done, the p11_kit_modules_release() function
+should be used to release those modules and associated resources.
 

 

-When multiple consumers of a module (such as libraries or applications) are
-in the same process, coordination of the initialization and finalization
-of PKCS#11 modules is required. The functions here automatically provide
-initialization reference counting to make this work.
+In addition p11_kit_config_option() can be used to access other parts
+of the module configuration.
 

 

 If a consumer wishes to load an arbitrary PKCS#11 module that's not
-registered, that module should be initialized with p11_kit_initialize_module()
-and finalized with p11_kit_finalize_module(). The module's own
-C_Initialize and C_Finalize methods should not
-be called directly.
+configured use p11_kit_module_load() to do so. And use p11_kit_module_release()
+to later release it.
 

 

 Modules are represented by a pointer to their CK_FUNCTION_LIST
-entry points. This means that callers can load modules elsewhere, using
-dlopen() for example, and then still use these methods on them.
+entry points.
 

 

 

 
Details

 

-
p11_kit_initialize_registered ()

-
CK_RV               p11_kit_initialize_registered       (void);

+
P11_KIT_MODULE_CRITICAL

+
#define P11_KIT_MODULE_CRITICAL 1
+

+

+Flag to load a module in 'critical' mode. Failure to load a critical module
+will prevent all other modules from loading. A failure when loading a
+non-critical module skips that module.
+

+

+

+

+
P11_KIT_MODULE_UNMANAGED

+
#define P11_KIT_MODULE_UNMANAGED 1
+

 

-Initialize all the registered PKCS#11 modules.
+Module is loaded in non 'managed' mode. This is not recommended,
+disables many features, and prevents coordination between multiple
+callers of the same module.
 

+

+

+

+
p11_kit_modules_load_and_initialize ()

+
CK_FUNCTION_LIST ** p11_kit_modules_load_and_initialize (int flags);

 

-If this is the first time this function is called multiple times
-consecutively within a single process, then it merely increments an
-initialization reference count for each of these modules.
+Load and initialize configured modules.
 

 

-Use p11_kit_finalize_registered() to finalize these registered modules once
-the caller is done with them.
+If a critical module fails to load or initialize then the function will
+return NULL. Non-critical modules will be skipped
+and not included in the returned module list.
 

 

-If this function fails, then an error message will be available via the
-p11_kit_message() function.
+Use p11_kit_modules_finalize_and_release() when you're done with the
+modules returned by this function.
 

 

-
+
+
+
+
+
+
-
-
+
+
+

 
 
 
 
flags :
flags to use to load the modules

 
Returns :
CKR_OK if the initialization succeeded, or an error code.
a NULL terminated list of modules, or
+NULL on failure

 

 

 

 

-
p11_kit_finalize_registered ()

-
CK_RV               p11_kit_finalize_registered         (void);

+
p11_kit_modules_finalize_and_release ()

+
void                p11_kit_modules_finalize_and_release
+                                                        (CK_FUNCTION_LIST **modules);

 

-Finalize all the registered PKCS#11 modules. These should have been
-initialized with p11_kit_initialize_registered().
+Finalize and then release the a set of loaded PKCS#11 modules.
 

 

-If p11_kit_initialize_registered() has been called more than once in this
-process, then this function must be called the same number of times before
-actual finalization will occur.
+The modules may be either managed or unmanaged. The array containing
+the module pointers is also freed by this function.
 

 

-If this function fails, then an error message will be available via the
-p11_kit_message() function.
+Modules are released even if their finalization returns an error code.
+Managed modules will not be actually finalized or released until all
+callers using them have done so.
+

+

+For managed modules the C_Finalize function
+is overridden so that multiple callers can finalize the same
+modules. In addition for managed modules multiple callers can
+finalize from different threads, and still guarantee consistent
+thread-safe behavior.
+

+

+For unmanaged modules if multiple callers try to finalize
+a module, then one of the calls will return
+CKR_CRYPTOKI_NOT_INITIALIZED according to the
+PKCS#11 specification. In addition there are no guarantees that
+thread-safe behavior will occur if multiple callers initialize from
+different threads.
 

 
@@ -145,45 +195,112 @@ If this function fails, then an error message will be available via the
 
-
-
+
+

 

 
 
Returns :
CKR_OK if the finalization succeeded, or an error code.
modules :
the modules to release
 

 

 

 

 

-
p11_kit_registered_modules ()

-
CK_FUNCTION_LIST_PTR * p11_kit_registered_modules       (void);

+
p11_kit_modules_load ()

+
CK_FUNCTION_LIST ** p11_kit_modules_load                (const char *reserved,
+                                                         int flags);

+

+Load the configured PKCS#11 modules.
+

+

+If flags contains the P11_KIT_MODULE_UNMANAGED flag, then the
+modules will be not be loaded in 'managed' mode regardless of its
+configuration. This is not recommended for general usage.
+

+

+If flags contains the P11_KIT_MODULE_CRITICAL flag then the
+modules will all be treated as 'critical', regardless of the module
+configuration. This means that a failure to load any module will
+cause this funtion to fail.
+

 

-Get a list of all the registered PKCS#11 modules. This list will be valid
-once the p11_kit_initialize_registered() function has been called.
+For unmanaged modules there is no guarantee to the state of the
+modules. Other callers may be using the modules. Using unmanaged
+modules haphazardly is not recommended for this reason. Some
+modules (such as those configured with RPC) cannot be loaded in
+unmanaged mode, and will be skipped.
 

 

-The returned value is a NULL terminated array of
-CK_FUNCTION_LIST_PTR pointers.
+Use p11_kit_modules_release() to release the modules returned by
+this function.
+

+

+If this function fails, then an error message will be available via the
+p11_kit_message() function.
 

 

-
+
+
+
+
+
+
+
+
+
+
-
-
+
+
+

 
 
 
 
reserved :
set to NULL
+
flags :
flags to use to load the module

 
Returns :
A list of all the registered modules. Use the free() function to
-free the list.
a null terminated list of modules represented as PKCS#11
+function lists, or NULL on failure

 

 

 

 

-
p11_kit_registered_module_to_name ()

-
char *              p11_kit_registered_module_to_name   (CK_FUNCTION_LIST_PTR module);

+
p11_kit_modules_initialize ()

+
CK_RV               p11_kit_modules_initialize          (CK_FUNCTION_LIST **modules,
+                                                         p11_kit_destroyer failure_callback);

+

+Initialize all the modules in the modules list by calling their
+C_Initialize function.
+

+

+For managed modules the C_Initialize function
+is overridden so that multiple callers can initialize the same
+modules. In addition for managed modules multiple callers can
+initialize from different threads, and still guarantee consistent
+thread-safe behavior.
+

+

+For unmanaged modules if multiple callers try to initialize
+a module, then one of the calls will return
+CKR_CRYPTOKI_ALREADY_INITIALIZED according to the
+PKCS#11 specification. In addition there are no guarantees that
+thread-safe behavior will occur if multiple callers initialize from
+different threads.
+

 

-Get the name of a registered PKCS#11 module.
+When a module fails to initialize it is removed from the modules list.
+If the failure_callback is not NULL then it is called with the modules that
+fail to initialize. For example, you may pass p11_kit_module_release()
+as a failure_callback if the modules list was loaded wit p11_kit_modules_load().
 

 

-You can use p11_kit_registered_modules() to get a list of all the registered
-modules. This name is specified by the registered module configuration.
+The return value will return the failure code of the last critical
+module that failed to initialize. Non-critical module failures do not affect
+the return value. If no critical modules failed to initialize then the
+return value will be CKR_OK.
+

+

+When modules are removed, the list will be NULL terminated at the
+appropriate place so it can continue to be used as a modules list.
+

+

+This function does not accept a CK_C_INITIALIZE_ARGS argument.
+Custom initialization arguments cannot be supported when multiple consumers
+load the same module.
 

 
@@ -192,25 +309,50 @@ modules. This name is specified by the registered module configuration.
 
-
-
+
+
+
+
+
+
-
+

 

 
 
module :
pointer to a registered module
modules :
a NULL terminated list of modules
failure_callback :
called with modules that fail to initialize
 

 

 
Returns :
A newly allocated string containing the module name, or
-NULL if no such registered module exists. Use free() to
-free this string.
+CKR_OK or the failure code of the last critical
+module that failed to initialize.
 

 
 

 

 

 

-
p11_kit_registered_name_to_module ()

-
CK_FUNCTION_LIST_PTR p11_kit_registered_name_to_module  (const char *name);

+
p11_kit_modules_finalize ()

+
CK_RV               p11_kit_modules_finalize            (CK_FUNCTION_LIST **modules);

 

-Lookup a registered PKCS#11 module by its name. This name is specified by
-the registered module configuration.
+Finalize each module in the modules list by calling its
+C_Finalize function. Regardless of failures, all
+modules will have their C_Finalize function called.
+

+

+If a module returns a failure from its C_Finalize
+method it will be returned. If multiple modules fail, the last failure
+will be returned.
+

+

+For managed modules the C_Finalize function
+is overridden so that multiple callers can finalize the same
+modules. In addition for managed modules multiple callers can
+finalize from different threads, and still guarantee consistent
+thread-safe behavior.
+

+

+For unmanaged modules if multiple callers try to finalize
+a module, then one of the calls will return
+CKR_CRYPTOKI_NOT_INITIALIZED according to the
+PKCS#11 specification. In addition there are no guarantees that
+thread-safe behavior will occur if multiple callers finalize from
+different threads.
 

 
@@ -219,26 +361,73 @@ the registered module configuration.
 
-
-
+
+
-
+

 

 
 
name :
name of a registered module
modules :
a NULL terminated list of modules
 

 

 
Returns :
a pointer to a PKCS#11 module, or NULL if this name was
-not found.
+CKR_OK or the failure code of the last
+module that failed to finalize
 

 
 

 

 

 

-
p11_kit_registered_option ()

-
char *              p11_kit_registered_option           (CK_FUNCTION_LIST_PTR module,
-                                                         const char *field);

+
p11_kit_modules_release ()

+
void                p11_kit_modules_release             (CK_FUNCTION_LIST **modules);

+

+Release the a set of loaded PKCS#11 modules.
+

+

+The modules may be either managed or unmanaged. The array containing
+the module pointers is also freed by this function.
+

+

+Managed modules will not be actually released until all
+callers using them have done so. If the modules were initialized, they
+should have been finalized first.
+

+

++++
+
+
+
+
+




modules :
the modules to release

+

+

+

+
p11_kit_module_load ()

+
CK_FUNCTION_LIST *  p11_kit_module_load                 (const char *module_path,
+                                                         int flags);

+

+Load an arbitrary PKCS#11 module from a dynamic library file, and
+initialize it. Normally using the p11_kit_modules_load() function
+is preferred.
+

+

+Using this function to load modules allows coordination between multiple
+callers of the same module in a single process. If flags contains the
+P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded
+in 'managed' mode and not be coordinated. This is not recommended
+for general usage.
+

+

+Subsequent calls to this function for the same module will result in an
+initialization count being incremented for the module. It is safe (although
+usually unnecessary) to use this function on registered modules.
+

 

-Lookup a configured option for a registered PKCS#11 module. If a
-NULL module argument is specified, then this will lookup
-the configuration option in the global config file.
+The module should be released with p11_kit_module_release().
+

+

+If this function fails, then an error message will be available via the
+p11_kit_message() function.
 

 
@@ -247,56 +436,48 @@ the configuration option in the global config file.
 
-
-
+
+
-
-
+
+
-
+

 

 
 
module :
a pointer to a registered module
module_path :
full file path of module library
 

 
field :
the name of the option to lookup.
flags :
flags to use when loading the module
 

 

 
Returns :
A newly allocated string containing the option value, or
-NULL if the registered module or the option were not found.
-Use free() to free the returned string.the loaded module PKCS#11 functions or NULL on failure
 

 
 

 

 

 

-
p11_kit_initialize_module ()

-
CK_RV               p11_kit_initialize_module           (CK_FUNCTION_LIST_PTR module);

+
p11_kit_module_initialize ()

+
CK_RV               p11_kit_module_initialize           (CK_FUNCTION_LIST *module);

 

-Initialize an arbitrary PKCS#11 module. Normally using the
-p11_kit_initialize_registered() is preferred.
+Initialize a PKCS#11 module by calling its C_Initialize
+function.
 

 

-Using this function to initialize modules allows coordination between
-multiple users of the same module in a single process. It should be called
-on modules that have been loaded (with dlopen() for example) but not yet
-initialized. The caller should not yet have called the module's
-C_Initialize method. This function will call
-C_Initialize as necessary.
+For managed modules the C_Initialize function
+is overridden so that multiple callers can initialize the same
+modules. In addition for managed modules multiple callers can
+initialize from different threads, and still guarantee consistent
+thread-safe behavior.
 

 

-Subsequent calls to this function for the same module will result in an
-initialization count being incremented for the module. It is safe (although
-usually unnecessary) to use this function on registered modules.
-

-

-The module must be finalized with p11_kit_finalize_module() instead of
-calling its C_Finalize method directly.
+For unmanaged modules if multiple callers try to initialize
+a module, then one of the calls will return
+CKR_CRYPTOKI_ALREADY_INITIALIZED according to the
+PKCS#11 specification. In addition there are no guarantees that
+thread-safe behavior will occur if multiple callers initialize from
+different threads.
 

 

 This function does not accept a CK_C_INITIALIZE_ARGS argument.
 Custom initialization arguments cannot be supported when multiple consumers
 load the same module.
 

-

-If this function fails, then an error message will be available via the
-p11_kit_message() function.
-

 
@@ -305,52 +486,96 @@ If this function fails, then an error message will be available via the
 
-
+
-
+

 
 

 

 
module :
loaded module to initialize.the module to initialize
 

 

 
Returns :
CKR_OK if the initialization was successful.
+CKR_OK or a failure code
 

 
 

 

 

 

-
p11_kit_load_initialize_module ()

-
CK_RV               p11_kit_load_initialize_module      (const char *module_path,
-                                                         CK_FUNCTION_LIST_PTR *module);

+
p11_kit_module_finalize ()

+
CK_RV               p11_kit_module_finalize             (CK_FUNCTION_LIST *module);

 

-Load an arbitrary PKCS#11 module from a dynamic library file, and
-initialize it. Normally using the p11_kit_initialize_registered() function
-is preferred.
+Finalize a PKCS#11 module by calling its C_Finalize
+function.
 

 

-Using this function to load and initialize modules allows coordination between
-multiple users of the same module in a single process. The caller should not
-call the module's C_Initialize method. This function will call
-C_Initialize as necessary.
+For managed modules the C_Finalize function
+is overridden so that multiple callers can finalize the same
+modules. In addition for managed modules multiple callers can
+finalize from different threads, and still guarantee consistent
+thread-safe behavior.
 

 

-If a module has already been loaded, then use of this function is unnecesasry.
-Instead use the p11_kit_initialize_module() function to initialize it.
+For unmanaged modules if multiple callers try to finalize
+a module, then one of the calls will return
+CKR_CRYPTOKI_NOT_INITIALIZED according to the
+PKCS#11 specification. In addition there are no guarantees that
+thread-safe behavior will occur if multiple callers finalize from
+different threads.
 

+

++++
+
+
+
+
+
+
+
+
+
+
+




module :
the module to finalize
Returns :

+CKR_OK or a failure code

+

+

+

+
p11_kit_module_release ()

+
void                p11_kit_module_release              (CK_FUNCTION_LIST *module);

 

-Subsequent calls to this function for the same module will result in an
-initialization count being incremented for the module. It is safe (although
-usually unnecessary) to use this function on registered modules.
+Release the a loaded PKCS#11 modules.
 

 

-The module must be finalized with p11_kit_finalize_module() instead of
-calling its C_Finalize method directly.
+The module may be either managed or unmanaged. The C_Finalize
+function will be called if no other callers are using this module.
 

+

++++
+
+
+
+
+




module :
the module to release

+

+

+

+
p11_kit_module_for_name ()

+
CK_FUNCTION_LIST *  p11_kit_module_for_name             (CK_FUNCTION_LIST **modules,
+                                                         const char *name);

 

-This function does not accept a CK_C_INITIALIZE_ARGS argument.
-Custom initialization arguments cannot be supported when multiple consumers
-load the same module.
+Look through the list of modules and return the module whose name
+matches.
 

 

-If this function fails, then an error message will be available via the
-p11_kit_message() function.
+Only configured modules have names. Configured modules are loaded by
+p11_kit_modules_load(). The module passed to this function can be either
+managed or unmanaged.
+

+

+The return value is not copied or duplicated in anyway. It is still
+'owned' by the modules list.
 

 
@@ -359,45 +584,102 @@ If this function fails, then an error message will be available via the
 
-
-
+
+
+
+
+
+
+
+
+
+
+

 

 
 
module_path :
full file path of module library
modules :
a list of modules to look through
name :
the name of the module to find
 

 
Returns :
the module which matches the name, or NULL if no match.

+

+

+

+
p11_kit_module_get_name ()

+
char *              p11_kit_module_get_name             (CK_FUNCTION_LIST *module);

+

+Get the configured name of the PKCS#11 module.
+

+

+Configured modules are loaded by p11_kit_modules_load(). The module
+passed to this function can be either managed or unmanaged. Non
+configured modules will return NULL.
+

+

+Use free() to release the return value when you're done with it.
+

+

++++
+
+
-
+
-
+





 
module :
location to place loaded module pointerpointer to a loaded module
 

 

 
Returns :
CKR_OK if the initialization was successful.a newly allocated string containing the module name, or
+NULL if the module is not a configured module
 

 
 

 

 

 

-
p11_kit_finalize_module ()

-
CK_RV               p11_kit_finalize_module             (CK_FUNCTION_LIST_PTR module);

+
p11_kit_module_get_flags ()

+
int                 p11_kit_module_get_flags            (CK_FUNCTION_LIST *module);

+

+Get the flags for this module.
+

 

-Finalize an arbitrary PKCS#11 module. The module must have been initialized
-using p11_kit_initialize_module(). In most cases callers will want to use
-p11_kit_finalize_registered() instead of this function.
+The P11_KIT_MODULE_UNMANAGED flag will be set if the module is not
+managed by p11-kit. It is a raw PKCS#11 module function list.
 

 

-Using this function to finalize modules allows coordination between
-multiple users of the same module in a single process. The caller should
-call the module's C_Finalize method. This function will call
-C_Finalize as necessary.
+The P11_KIT_MODULE_CRITICAL flag will be set if the module is configured
+to be critical, and not be skipped over if it fails to initialize or
+load. This flag is also set for modules that are not configured, but have
+been loaded in another fashion.
+

+

++++
+
+
+
+
+
+
+
+
+
+
+




module :
the module
Returns :
the flags for the module

+

+

+

+
p11_kit_config_option ()

+
char *              p11_kit_config_option               (CK_FUNCTION_LIST *module,
+                                                         const char *option);

+

+Retrieve the value for a configured option.
 

 

-If the module was initialized more than once, then this function will
-decrement an initialization count for the module. When the count reaches zero
-the module will be truly finalized. It is safe (although usually unnecessary)
-to use this function on registered modules if (and only if) they were
-initialized using p11_kit_initialize_module() for some reason.
+If module is NULL, then the global option with the given name will
+be retrieved. Otherwise module should point to a configured loaded module.
+If no such option or configured module exists, then NULL will be returned.
 

 

-If this function fails, then an error message will be available via the
-p11_kit_message() function.
+Use free() to release the returned value.
 

 
@@ -407,11 +689,16 @@ If this function fails, then an error message will be available via the
 
-
+
+
+
+
+
-
+

 

 

 
module :
loaded module to finalize.the module to retrieve the option for, or NULL for global options
option :
the option to retrieve
 

 

 
Returns :
CKR_OK if the finalization was successful.the option value or NULL
+
 

 
 

@@ -420,6 +707,6 @@ If this function fails, then an error message will be available via the
 

 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18

 
 
\ No newline at end of file
diff --git a/doc/manual/html/p11-kit-PIN-Callbacks.html b/doc/manual/html/p11-kit-PIN-Callbacks.html
index ea79642..c6a4af3 100644
--- a/doc/manual/html/p11-kit-PIN-Callbacks.html
+++ b/doc/manual/html/p11-kit-PIN-Callbacks.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -780,6 +780,6 @@ could not be read
 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/p11-kit-URIs.html b/doc/manual/html/p11-kit-URIs.html
index bd8b3c1..0cfa4b9 100644
--- a/doc/manual/html/p11-kit-URIs.html
+++ b/doc/manual/html/p11-kit-URIs.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -918,6 +918,6 @@ Unexpected memory allocation failure result. Same as 
 

-          Generated by GTK-Doc V1.19
+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/p11-kit-Utilities.html b/doc/manual/html/p11-kit-Utilities.html
index 87f7e43..12d4c43 100644
--- a/doc/manual/html/p11-kit-Utilities.html
+++ b/doc/manual/html/p11-kit-Utilities.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -38,6 +38,7 @@
 

 
Synopsis

 
const char *        p11_kit_strerror                    (CK_RV rv);
+const char *        p11_kit_message                     (void);
 char *              p11_kit_space_strdup                (const unsigned char *string,
                                                          size_t max_length);
 size_t              p11_kit_space_strlen                (const unsigned char *string,
@@ -78,6 +79,31 @@ pass CKR_OK or other such non errors to this function.
 

 

 

+
p11_kit_message ()

+
const char *        p11_kit_message                     (void);

+

+Gets the failure message for a recently called p11-kit function, which
+returned a failure code on this thread. Not all functions set this message.
+Each function that does so, will note it in its documentation.
+

+

+If the most recent p11-kit function did not fail, then this will return NULL.
+The string is owned by the p11-kit library and is only valid on the same
+thread that the failed function executed on.
+

+

++++
+
+
+
+
+




Returns :
The last failure message, or NULL.

+

+

+

 
p11_kit_space_strdup ()

 
char *              p11_kit_space_strdup                (const unsigned char *string,
                                                          size_t max_length);

@@ -191,6 +217,6 @@ The string will never be longer than this buffer.
 

 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/p11-kit.devhelp2 b/doc/manual/html/p11-kit.devhelp2
index 033a3cd..d5ab196 100644
--- a/doc/manual/html/p11-kit.devhelp2
+++ b/doc/manual/html/p11-kit.devhelp2
@@ -9,9 +9,9 @@
     
     
       
-      
-      
+      
     
+    
     
       
       
@@ -28,6 +28,7 @@
       
       
       
+      
       
       
     
@@ -49,15 +50,22 @@
     
   
   
-    
-    
-    
-    
-    
-    
-    
-    
-    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
     
     
     
@@ -103,12 +111,12 @@
     
     
     
+    
     
     
     
     
     
-    
     
     
     
@@ -126,6 +134,16 @@
     
     
     
+    
+    
+    
+    
+    
+    
+    
+    
+    
+    
     
     
     
diff --git a/doc/manual/html/p11-kit.html b/doc/manual/html/p11-kit.html
index 930eeb0..26efd8b 100644
--- a/doc/manual/html/p11-kit.html
+++ b/doc/manual/html/p11-kit.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -35,7 +35,7 @@
 	

 
 

-
Description

+
Description

 
p11-kit is a command line tool that
 	can be used to perform operations on PKCS#11 modules configured on the
 	system.

@@ -61,7 +61,7 @@
 

 
 

-
List Modules

+
List Modules

 
List system configured PKCS#11 modules.

 
 $ p11-kit list-modules
@@ -70,7 +70,7 @@ $ p11-kit list-modules
 	the PKCS#11 modules will be displayed.

 

 

-
Extract

+
Extract

 
Extract certificates from configured PKCS#11 modules.

 
 $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/directory
@@ -225,7 +225,7 @@ $ p11-kit extract --format=x509-directory --filter=ca-certificates /path/to/dire
 

 
 

-
Extract Trust

+
Extract Trust

 
Extract standard trust information files.

 
 $ p11-kit extract-trust
@@ -238,7 +238,7 @@ $ p11-kit extract-trust
 	customize this command.

 

 

-
Bugs

+
Bugs

 

     Please send bug reports to either the distribution bug tracker
     or the upstream bug tracker at
@@ -246,7 +246,7 @@ $ p11-kit extract-trust
   

 

 

-
See also

+
See also

 pkcs11.conf(5)

     Further details available in the p11-kit online documentation at
     http://p11-glue.freedesktop.org/doc/p11-kit/.
@@ -255,6 +255,6 @@ $ p11-kit extract-trust
 

 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/pkcs11.conf.html b/doc/manual/html/pkcs11.conf.html
index e7c84e7..a48fb93 100644
--- a/doc/manual/html/pkcs11.conf.html
+++ b/doc/manual/html/pkcs11.conf.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -29,7 +29,7 @@
 
 
 

-
Description

+
Description

 
The pkcs11.conf configuration files are a standard
 	way to configure PKCS#11 modules.

 

@@ -123,6 +123,15 @@ x-custom : text
 
 
 
+
managed:

+
+
Set to no if the module is not to be managed by
+			p11-kit. Making a module unmanaged is not recommended, and will cause
+			problems if multiple callers in a single process share a PKCS#11 module.

+
This argument is optonal and defaults to yes.

+
+
+
 
priority:

 
 
The value should be an integer. When lists of modules are
@@ -140,6 +149,14 @@ x-custom : text
 
Set to yes to use use this module as a source
 			of trust policy information such as certificate anchors and black lists.

 
+
+
log-calls:

+
+
Set to yes to write a log to stderr of all the
+			calls into the module. This is only supported for managed modules.

+
This argument is optonal and defaults to no.

+
+
 
 
 
Do not specify both enable-in and disable-in
@@ -159,12 +176,36 @@ x-custom : text
 
 
 
-
+
+
 
user-config:

 
This will be equal to one of the following values:
 		none, merge,
 		only.

-
+
+
+
managed:

+
+
Set to yes or no to
+			force all modules to be managed or unmanaged by p11-kit. Setting this
+			setting in a global configuration file will override the
+			managed setting in the individual module configuration
+			files. Making modules unmanaged is not recommended, and will cause
+			problems if multiple callers in a single process share a PKCS#11
+			module.

+
This argument is optonal.

+
+
+
+
log-calls:

+
+
Set to yes to write a log to stderr of all the
+			calls into all configured modules. This is only supported for managed
+			modules.

+
This argument is optional.

+
+
+
 
 
Other fields may be present, but it is recommended that field names
 	that are not specified in this document start with a x-
@@ -191,7 +232,7 @@ x-custom : text
 	pkg-config.

 
 

-
See also

+
See also

 p11-kit(8)
Further details available in the p11-kit online documentation at
 	http://p11-glue.freedesktop.org/doc/p11-kit/.
 	

@@ -199,6 +240,6 @@ x-custom : text
 

 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/reference.html b/doc/manual/html/reference.html
index 8491af9..8e3f790 100644
--- a/doc/manual/html/reference.html
+++ b/doc/manual/html/reference.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -38,6 +38,9 @@
 

 Future — Future Unstable API
 

+

+Deprecated — Deprecated functions
+

 
API Index

 
Annotation Glossary

 
@@ -78,23 +81,31 @@
 
 

 

+p11_kit_config_option, function in Modules
+

+

+

+P11_KIT_DEPRECATED_FOR, macro in Deprecated
+

+

+

 p11_kit_destroyer, user_function in Future
 

 

 

-p11_kit_finalize_module, function in Modules
+p11_kit_finalize_module, function in Deprecated
 

 

 

-p11_kit_finalize_registered, function in Modules
+p11_kit_finalize_registered, function in Deprecated
 

 

 

-p11_kit_initialize_module, function in Modules
+p11_kit_initialize_module, function in Deprecated
 

 

 

-p11_kit_initialize_registered, function in Modules
+p11_kit_initialize_registered, function in Deprecated
 

 

 

@@ -158,11 +169,71 @@
 

 

 

-p11_kit_load_initialize_module, function in Modules
+p11_kit_load_initialize_module, function in Deprecated
+

+

+

+p11_kit_message, function in Utilities
+

+

+

+p11_kit_modules_finalize, function in Modules
+

+

+

+p11_kit_modules_finalize_and_release, function in Modules
+

+

+

+p11_kit_modules_initialize, function in Modules
+

+

+

+p11_kit_modules_load, function in Modules
+

+

+

+p11_kit_modules_load_and_initialize, function in Modules
+

+

+

+p11_kit_modules_release, function in Modules
+

+

+

+P11_KIT_MODULE_CRITICAL, macro in Modules
+

+

+

+p11_kit_module_finalize, function in Modules
+

+

+

+p11_kit_module_for_name, function in Modules
+

+

+

+p11_kit_module_get_flags, function in Modules
+

+

+

+p11_kit_module_get_name, function in Modules
+

+

+

+p11_kit_module_initialize, function in Modules
+

+

+

+p11_kit_module_load, function in Modules
+

+

+

+p11_kit_module_release, function in Modules
 

 

 

-p11_kit_message, function in Future
+P11_KIT_MODULE_UNMANAGED, macro in Modules
 

 

 

@@ -222,19 +293,19 @@
 

 

 

-p11_kit_registered_modules, function in Modules
+p11_kit_registered_modules, function in Deprecated
 

 

 

-p11_kit_registered_module_to_name, function in Modules
+p11_kit_registered_module_to_name, function in Deprecated
 

 

 

-p11_kit_registered_name_to_module, function in Modules
+p11_kit_registered_name_to_module, function in Deprecated
 

 

 

-p11_kit_registered_option, function in Modules
+p11_kit_registered_option, function in Deprecated
 

 

 

@@ -382,6 +453,6 @@
 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/sharing-initialize.html b/doc/manual/html/sharing-initialize.html
deleted file mode 100644
index 469d96e..0000000
--- a/doc/manual/html/sharing-initialize.html
+++ /dev/null
@@ -1,44 +0,0 @@
-
-
-
-
-Solution: p11-kit
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-

-Solution: p11-kit

-
p11-kit provides functions to
-		coordinate initialization and finalization of any PKCS#11
-		module. A module may be initialized any number of times using
-		the p11_kit_initialize_module() function. The first time that
-		p11_kit_initialize_module() is called for a module, that module's
-		C_Initialize function is used. Later invocations for the same
-		module cause p11-kit to increment an internal initialization
-		count, rather than calling C_Initialize again.

-
The p11_kit_finalize_module() is used to finalize a module.
-		Each time it is called it decrements the internal initialization
-		count for that module. When the internal initialization count
-		reaches zero, the module's C_Finalize function is called.

-
This is done in a thread-safe manner. These functions can
-		be used on modules that the consumer loads themselves.

-

-

-

-          Generated by GTK-Doc V1.19

-
-
\ No newline at end of file
diff --git a/doc/manual/html/sharing-managed.html b/doc/manual/html/sharing-managed.html
new file mode 100644
index 0000000..581d137
--- /dev/null
+++ b/doc/manual/html/sharing-managed.html
@@ -0,0 +1,75 @@
+
+
+
+
+Managed modules
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

+

+Managed modules

+
p11-kit wraps PKCS#11 modules to manage
+		them and customize their functionality so that they are able
+		to be shared between multiple callers in the same process.

+
Each caller that uses the
+		p11_kit_modules_load()
+		or p11_kit_module_load()
+		function gets independent wrapped PKCS#11 module(s). This is unless a caller
+		or module configuration specifies that a module should be used in an
+		unmanaged fashion.

+
When modules are managed, the following aspects are wrapped and
+		coordinated:

+
    
+
  • 
+
    Calls to C_Initialize and
+			C_Finalize can be called by multiple
+			callers.
    
+
    The first time that the managed module
+			C_Initialize is called, the PKCS#11 module's actual
+			C_Initialize function is called. Subsequent calls by
+			other callers will cause p11-kit to increment an
+			internal initialization count, rather than calling
+			C_Initialize again.
    
+
    Multiple callers can call the managed
+			C_Initialize function concurrently from different
+			threads and p11-kit will guarantee that this managed
+			in a thread-safe manner.
    
+
    • 
+
  • 
+
    When the managed module C_Finalize is used
+			to finalize a module, each time it is called it decrements the internal
+			initialization count for that module. When the internal initialization
+			count reaches zero, the module's actual C_Finalize
+			function is called.
    
+
    Multiple callers can call the managed C_Finalize
+			function concurrently from different threads and p11-kit
+			will guarantee that this managed in a thread-safe manner.
    
+
    • 
+
  • Call to C_CloseAllSessions only close the
+			sessions that the caller of the managed module has opened. This allows the
+			C_CloseAllSessions function to be used without closing
+			sessions for other callers of the same PKCS#11 module.
    • 
+
  • Managed modules have ability to log PKCS#11 method calls for debugging
+			purposes. See the log-calls = yes
+			module configuration option.
    • 
+

+

+

+

+          Generated by GTK-Doc V1.18

+
+
\ No newline at end of file
diff --git a/doc/manual/html/sharing-module.html b/doc/manual/html/sharing-module.html
deleted file mode 100644
index c4f9ccc..0000000
--- a/doc/manual/html/sharing-module.html
+++ /dev/null
@@ -1,50 +0,0 @@
-
-
-
-
-Solution: proxy module
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

-

-Solution: proxy module

-
When an application is aware of the fact that coordination
-		is necessary between multiple consumers of a PKCS#11 module, it
-		can link to p11-kit and use the functions there to provide
-		this coordination.

-
However most current consumers of PKCS#11 are ignorant of
-		this problem, and do not link to p11-kit. In order to solve this
-		multiple initialization problem for all applications,
-		p11-kit provides a proxy compatibility
-		module.

-
This proxy module acts like a normal PKCS#11 module, but
-		internally loads a preconfigured set of PKCS#11 modules and
-		coordinates their initialization and finalization. Each slot
-		in the configured modules is exposed as a slot of the
-		p11-kit proxy module. The proxy module is
-		then used as a normal PKCS#11 module would be. It can be loaded by
-		crypto libraries like NSS and behaves as expected.

-
The proxy module bends the PKCS#11 rules slightly. It does
-		not return the CKR_CRYPTOKI_ALREADY_INITIALIZED
-		error code as specified in PKCS#11. However this is a small
-		price to pay for this compatibility.

-

-

-

-          Generated by GTK-Doc V1.19

-
-
\ No newline at end of file
diff --git a/doc/manual/html/sharing.html b/doc/manual/html/sharing.html
index 82d67b8..583e0ef 100644
--- a/doc/manual/html/sharing.html
+++ b/doc/manual/html/sharing.html
@@ -2,66 +2,48 @@
 
 
 
-Sharing PKCS#11 modules
+Proxy Module
 
 
 
-
-
-
+
+
+
 
 
 
 
-
+
-
+
 

 

-Sharing PKCS#11 modules

-

-
Multiple consumers of PKCS#11 in a process

-
Solution: p11-kit

-
Solution: proxy module

-

-

-

-Multiple consumers of PKCS#11 in a process

-
As more and more applications and libraries use PKCS#11 we run
-		into a very basic problem. The PKCS#11 modules cannot be initialized and
-		finalized properly without coordination between the various consumers.
-		

-
An example: An application might use GnuTLS for
-		TLS connections, and use libgcr for display of certificates. Both of
-		these want to load (and initialze) the same PKCS#11 modules. There are
-		many places where this situation occurs, including large applications
-		like Evolution which due to their dependencies end up using both NSS and
-		GnuTLS.

-
Consumer A loads a PKCS#11 module and uses the module's
-		C_Initialize function to initialize it, which works as expected.
-		When consumer B initializes the module (also using C_Initialize),
-		the error code CKR_CRYPTOKI_ALREADY_INITIALIZED
-		is correctly returned. This is normal PKCS#11 specification
-		defined behavior for when a module is initalized twice in the
-		same process. If consumer B is aware of this situation they may
-		choose to ignore this error code.

-
However when the consumer A is done with its use of the
-		PKCS#11 module it finalizes the module using the module's
-		C_Finalize function. This is expected of a well behaved PKCS#11
-		consumer. This then causes errors and/or crashes for consumer B,
-		which cannot know that the module has now been finalized out
-		from underneath it.

-
It is necessary for the two consumers to coordinate their
-		initialization and finalization in some fashion. In
-		p11-kit we provide this coordination in a
-		loosely coupled, backwards compatible, and flexible way.

-

+Proxy Module

+
When an application is aware of the fact that coordination
+	is necessary between multiple consumers of a PKCS#11 module, and wants
+	to load standard configured PKCS#11 modules, it can link to
+	p11-kit and use the functions there to provide this
+	functionality.

+
However most current consumers of PKCS#11 are ignorant of
+	this problem, and do not link to p11-kit. In order to solve this
+	multiple initialization problem for all applications,
+	p11-kit provides a proxy compatibility
+	module.

+
This proxy module acts like a normal PKCS#11 module, but
+	internally loads a preconfigured set of PKCS#11 modules and
+	manages their features as described earlier. Each slot in the configured modules
+	is exposed as a slot of the p11-kit proxy module. The proxy
+	module is then used as a normal PKCS#11 module would be. It can be loaded by
+	crypto libraries like NSS and behaves as expected.

+
The C_GetFunctionList exported entry point of the
+	proxy module returns a new managed PKCS#11 module each time it is called. These
+	managed instances are released when the proxy module is unloaded.

 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/tools.html b/doc/manual/html/tools.html
index bc66f25..48e8a27 100644
--- a/doc/manual/html/tools.html
+++ b/doc/manual/html/tools.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -33,6 +33,6 @@
 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/trust-disable.html b/doc/manual/html/trust-disable.html
index af1d381..2b49b1c 100644
--- a/doc/manual/html/trust-disable.html
+++ b/doc/manual/html/trust-disable.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -40,6 +40,6 @@
 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/trust-glib-networking.html b/doc/manual/html/trust-glib-networking.html
index c1b29c8..b746478 100644
--- a/doc/manual/html/trust-glib-networking.html
+++ b/doc/manual/html/trust-glib-networking.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -30,6 +30,6 @@
 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/trust-nss.html b/doc/manual/html/trust-nss.html
index a8ce944..98f6547 100644
--- a/doc/manual/html/trust-nss.html
+++ b/doc/manual/html/trust-nss.html
@@ -8,7 +8,7 @@
 
 
 
-
+
 
 
 
@@ -36,6 +36,6 @@
 
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
 
 
\ No newline at end of file
diff --git a/doc/manual/html/trust.html b/doc/manual/html/trust.html
index c7a72cb..d42dc5a 100644
--- a/doc/manual/html/trust.html
+++ b/doc/manual/html/trust.html
@@ -6,14 +6,14 @@
 
 
 
-
+
 
-
+
 
 
 
 
-
+
@@ -89,6 +89,6 @@ $ pkg-config --variable p11_trust_paths p11-kit-1
 

 

-          Generated by GTK-Doc V1.19

+          Generated by GTK-Doc V1.18
\ No newline at end of file
diff --git a/doc/manual/p11-kit-devel.xml b/doc/manual/p11-kit-devel.xml
index 96db868..873aff1 100644
--- a/doc/manual/p11-kit-devel.xml
+++ b/doc/manual/p11-kit-devel.xml
@@ -149,6 +149,9 @@ $ make install
 			during the build, then certain features will be disabled.
+				libffi1 for shoring of PKCS#11 modules
+				between multiple callers in the same process. It is highly recommended that
+				this dependency be treated as a required dependency.
 				gtk-doc is required to build the reference
 				manual. Use --enable-doc to control this
 				dependency.
diff --git a/doc/manual/p11-kit-docs.xml b/doc/manual/p11-kit-docs.xml
index 0397169..5acfb97 100644
--- a/doc/manual/p11-kit-docs.xml
+++ b/doc/manual/p11-kit-docs.xml
@@ -13,6 +13,7 @@
 
 	
 	
+	
 	
 
 	
@@ -28,6 +29,7 @@
 		
 		
 		
+		
 
 		
 			API Index
diff --git a/doc/manual/p11-kit-proxy.xml b/doc/manual/p11-kit-proxy.xml
new file mode 100644
index 0000000..7cc3615
--- /dev/null
+++ b/doc/manual/p11-kit-proxy.xml
@@ -0,0 +1,29 @@
+
+
+
+	Proxy Module
+
+	When an application is aware of the fact that coordination
+	is necessary between multiple consumers of a PKCS#11 module, and wants
+	to load standard configured PKCS#11 modules, it can link to
+	p11-kit and use the functions there to provide this
+	functionality.
+
+	However most current consumers of PKCS#11 are ignorant of
+	this problem, and do not link to p11-kit. In order to solve this
+	multiple initialization problem for all applications,
+	p11-kit provides a proxy compatibility
+	module.
+
+	This proxy module acts like a normal PKCS#11 module, but
+	internally loads a preconfigured set of PKCS#11 modules and
+	manages their features as described earlier. Each slot in the configured modules
+	is exposed as a slot of the p11-kit proxy module. The proxy
+	module is then used as a normal PKCS#11 module would be. It can be loaded by
+	crypto libraries like NSS and behaves as expected.
+
+	The C_GetFunctionList exported entry point of the
+	proxy module returns a new managed PKCS#11 module each time it is called. These
+	managed instances are released when the proxy module is unloaded.
+
diff --git a/doc/manual/p11-kit-sections.txt b/doc/manual/p11-kit-sections.txt
index dc85f2d..5ccba7c 100644
--- a/doc/manual/p11-kit-sections.txt
+++ b/doc/manual/p11-kit-sections.txt
@@ -52,20 +52,28 @@ p11_kit_pin_file_callback
 
 

 p11-kit
-p11_kit_initialize_registered
-p11_kit_finalize_registered
-p11_kit_registered_modules
-p11_kit_registered_module_to_name
-p11_kit_registered_name_to_module
-p11_kit_registered_option
-p11_kit_initialize_module
-p11_kit_load_initialize_module
-p11_kit_finalize_module
+P11_KIT_MODULE_CRITICAL
+P11_KIT_MODULE_UNMANAGED
+p11_kit_modules_load_and_initialize
+p11_kit_modules_finalize_and_release
+p11_kit_modules_load
+p11_kit_modules_initialize
+p11_kit_modules_finalize
+p11_kit_modules_release
+p11_kit_module_load
+p11_kit_module_initialize
+p11_kit_module_finalize
+p11_kit_module_release
+p11_kit_module_for_name
+p11_kit_module_get_name
+p11_kit_module_get_flags
+p11_kit_config_option
 

 
 

 p11-kit-util
 p11_kit_strerror
+p11_kit_message
 p11_kit_space_strdup
 p11_kit_space_strlen
 
@@ -85,7 +93,6 @@ p11_kit_uri_type_t
 p11_kit_set_progname
 p11_kit_be_quiet
 p11_kit_be_loud
-p11_kit_message
 p11_kit_destroyer
 P11KitIter
 p11_kit_iter_new
@@ -104,3 +111,17 @@ p11_kit_iter_get_object
 p11_kit_iter_load_attributes
 p11_kit_iter_free
 

+
+

+p11-kit-deprecated
+p11_kit_initialize_registered
+p11_kit_finalize_registered
+p11_kit_registered_modules
+p11_kit_registered_module_to_name
+p11_kit_registered_name_to_module
+p11_kit_registered_option
+p11_kit_initialize_module
+p11_kit_load_initialize_module
+p11_kit_finalize_module
+P11_KIT_DEPRECATED_FOR
+

diff --git a/doc/manual/p11-kit-sharing.xml b/doc/manual/p11-kit-sharing.xml
index e692e3d..bf0ed01 100644
--- a/doc/manual/p11-kit-sharing.xml
+++ b/doc/manual/p11-kit-sharing.xml
@@ -42,52 +42,63 @@
 		loosely coupled, backwards compatible, and flexible way.
 	
 
-	

-		Solution: p11-kit
-
-		p11-kit provides functions to
-		coordinate initialization and finalization of any PKCS#11
-		module. A module may be initialized any number of times using
-		the p11_kit_initialize_module() function. The first time that
-		p11_kit_initialize_module() is called for a module, that module's
-		C_Initialize function is used. Later invocations for the same
-		module cause p11-kit to increment an internal initialization
-		count, rather than calling C_Initialize again.
-
-		The p11_kit_finalize_module() is used to finalize a module.
-		Each time it is called it decrements the internal initialization
-		count for that module. When the internal initialization count
-		reaches zero, the module's C_Finalize function is called.
-
-		This is done in a thread-safe manner. These functions can
-		be used on modules that the consumer loads themselves.
-	

-
-	

-		Solution: proxy module
-
-		When an application is aware of the fact that coordination
-		is necessary between multiple consumers of a PKCS#11 module, it
-		can link to p11-kit and use the functions there to provide
-		this coordination.
-
-		However most current consumers of PKCS#11 are ignorant of
-		this problem, and do not link to p11-kit. In order to solve this
-		multiple initialization problem for all applications,
-		p11-kit provides a proxy compatibility
-		module.
-
-		This proxy module acts like a normal PKCS#11 module, but
-		internally loads a preconfigured set of PKCS#11 modules and
-		coordinates their initialization and finalization. Each slot
-		in the configured modules is exposed as a slot of the
-		p11-kit proxy module. The proxy module is
-		then used as a normal PKCS#11 module would be. It can be loaded by
-		crypto libraries like NSS and behaves as expected.
-
-		The proxy module bends the PKCS#11 rules slightly. It does
-		not return the CKR_CRYPTOKI_ALREADY_INITIALIZED
-		error code as specified in PKCS#11. However this is a small
-		price to pay for this compatibility.
+	

+		Managed modules
+
+		p11-kit wraps PKCS#11 modules to manage
+		them and customize their functionality so that they are able
+		to be shared between multiple callers in the same process.
+
+		Each caller that uses the
+		p11_kit_modules_load()
+		or p11_kit_module_load()
+		function gets independent wrapped PKCS#11 module(s). This is unless a caller
+		or module configuration specifies that a module should be used in an
+		unmanaged fashion.
+
+		When modules are managed, the following aspects are wrapped and
+		coordinated:
+
+		
+		
+			Calls to C_Initialize and
+			C_Finalize can be called by multiple
+			callers.
+
+			The first time that the managed module
+			C_Initialize is called, the PKCS#11 module's actual
+			C_Initialize function is called. Subsequent calls by
+			other callers will cause p11-kit to increment an
+			internal initialization count, rather than calling
+			C_Initialize again.
+
+			Multiple callers can call the managed
+			C_Initialize function concurrently from different
+			threads and p11-kit will guarantee that this managed
+			in a thread-safe manner.
+		
+		
+			When the managed module C_Finalize is used
+			to finalize a module, each time it is called it decrements the internal
+			initialization count for that module. When the internal initialization
+			count reaches zero, the module's actual C_Finalize
+			function is called.
+
+			Multiple callers can call the managed C_Finalize
+			function concurrently from different threads and p11-kit
+			will guarantee that this managed in a thread-safe manner.
+		
+		
+			Call to C_CloseAllSessions only close the
+			sessions that the caller of the managed module has opened. This allows the
+			C_CloseAllSessions function to be used without closing
+			sessions for other callers of the same PKCS#11 module.
+		
+		
+			Managed modules have ability to log PKCS#11 method calls for debugging
+			purposes. See the log-calls = yes
+			module configuration option.
+		
+		
 	

 
diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml
index 1814377..1ff2562 100644
--- a/doc/manual/pkcs11.conf.xml
+++ b/doc/manual/pkcs11.conf.xml
@@ -128,6 +128,16 @@ x-custom : text
 		
 	
 	
+		
+		
+			Set to no if the module is not to be managed by
+			p11-kit. Making a module unmanaged is not recommended, and will cause
+			problems if multiple callers in a single process share a PKCS#11 module.
+
+			This argument is optonal and defaults to yes.
+		
+	
+	
 		
 		
 			The value should be an integer. When lists of modules are
@@ -147,6 +157,15 @@ x-custom : text
 			of trust policy information such as certificate anchors and black lists.
 		
 	
+	
+		log-calls:
+		
+			Set to yes to write a log to stderr of all the
+			calls into the module. This is only supported for managed modules.
+
+			This argument is optonal and defaults to no.
+		
+	
 	
 
 	Do not specify both enable-in and disable-in
@@ -172,6 +191,30 @@ x-custom : text
 		none, merge,
 		only.
 	
+	
+		
+		
+			Set to yes or no to
+			force all modules to be managed or unmanaged by p11-kit. Setting this
+			setting in a global configuration file will override the
+			managed setting in the individual module configuration
+			files. Making modules unmanaged is not recommended, and will cause
+			problems if multiple callers in a single process share a PKCS#11
+			module.
+
+			This argument is optonal.
+		
+	
+	
+		log-calls:
+		
+			Set to yes to write a log to stderr of all the
+			calls into all configured modules. This is only supported for managed
+			modules.
+
+			This argument is optional.
+		
+	
 	
 
 	Other fields may be present, but it is recommended that field names
diff --git a/doc/manual/version.xml b/doc/manual/version.xml
index 0cc9884..41915c7 100644
--- a/doc/manual/version.xml
+++ b/doc/manual/version.xml
@@ -1 +1 @@
-0.18.4
+0.19.1
diff --git a/gtk-doc.make b/gtk-doc.make
index cbef74b..824d8d6 100644
--- a/gtk-doc.make
+++ b/gtk-doc.make
@@ -116,7 +116,7 @@ scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB)
 	fi
 	@touch scan-build.stamp
 
-$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt: scan-build.stamp
+$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES): scan-build.stamp
 	@true
 
 #### xml ####
diff --git a/p11-kit/ABOUT-NLS b/p11-kit/ABOUT-NLS
deleted file mode 100644
index b1de1b6..0000000
--- a/p11-kit/ABOUT-NLS
+++ /dev/null
@@ -1,1282 +0,0 @@
-1 Notes on the Free Translation Project
-***************************************
-
-Free software is going international!  The Free Translation Project is
-a way to get maintainers of free software, translators, and users all
-together, so that free software will gradually become able to speak many
-languages.  A few packages already provide translations for their
-messages.
-
-   If you found this `ABOUT-NLS' file inside a distribution, you may
-assume that the distributed package does use GNU `gettext' internally,
-itself available at your nearest GNU archive site.  But you do _not_
-need to install GNU `gettext' prior to configuring, installing or using
-this package with messages translated.
-
-   Installers will find here some useful hints.  These notes also
-explain how users should proceed for getting the programs to use the
-available translations.  They tell how people wanting to contribute and
-work on translations can contact the appropriate team.
-
-1.1 INSTALL Matters
-===================
-
-Some packages are "localizable" when properly installed; the programs
-they contain can be made to speak your own native language.  Most such
-packages use GNU `gettext'.  Other packages have their own ways to
-internationalization, predating GNU `gettext'.
-
-   By default, this package will be installed to allow translation of
-messages.  It will automatically detect whether the system already
-provides the GNU `gettext' functions.  Installers may use special
-options at configuration time for changing the default behaviour.  The
-command:
-
-     ./configure --disable-nls
-
-will _totally_ disable translation of messages.
-
-   When you already have GNU `gettext' installed on your system and run
-configure without an option for your new package, `configure' will
-probably detect the previously built and installed `libintl' library
-and will decide to use it.  If not, you may have to to use the
-`--with-libintl-prefix' option to tell `configure' where to look for it.
-
-   Internationalized packages usually have many `po/LL.po' files, where
-LL gives an ISO 639 two-letter code identifying the language.  Unless
-translations have been forbidden at `configure' time by using the
-`--disable-nls' switch, all available translations are installed
-together with the package.  However, the environment variable `LINGUAS'
-may be set, prior to configuration, to limit the installed set.
-`LINGUAS' should then contain a space separated list of two-letter
-codes, stating which languages are allowed.
-
-1.2 Using This Package
-======================
-
-As a user, if your language has been installed for this package, you
-only have to set the `LANG' environment variable to the appropriate
-`LL_CC' combination.  If you happen to have the `LC_ALL' or some other
-`LC_xxx' environment variables set, you should unset them before
-setting `LANG', otherwise the setting of `LANG' will not have the
-desired effect.  Here `LL' is an ISO 639 two-letter language code, and
-`CC' is an ISO 3166 two-letter country code.  For example, let's
-suppose that you speak German and live in Germany.  At the shell
-prompt, merely execute `setenv LANG de_DE' (in `csh'),
-`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash').
-This can be done from your `.login' or `.profile' file, once and for
-all.
-
-   You might think that the country code specification is redundant.
-But in fact, some languages have dialects in different countries.  For
-example, `de_AT' is used for Austria, and `pt_BR' for Brazil.  The
-country code serves to distinguish the dialects.
-
-   The locale naming convention of `LL_CC', with `LL' denoting the
-language and `CC' denoting the country, is the one use on systems based
-on GNU libc.  On other systems, some variations of this scheme are
-used, such as `LL' or `LL_CC.ENCODING'.  You can get the list of
-locales supported by your system for your language by running the
-command `locale -a | grep '^LL''.
-
-   Not all programs have translations for all languages.  By default, an
-English message is shown in place of a nonexistent translation.  If you
-understand other languages, you can set up a priority list of languages.
-This is done through a different environment variable, called
-`LANGUAGE'.  GNU `gettext' gives preference to `LANGUAGE' over `LANG'
-for the purpose of message handling, but you still need to have `LANG'
-set to the primary language; this is required by other parts of the
-system libraries.  For example, some Swedish users who would rather
-read translations in German than English for when Swedish is not
-available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'.
-
-   Special advice for Norwegian users: The language code for Norwegian
-bokma*l changed from `no' to `nb' recently (in 2003).  During the
-transition period, while some message catalogs for this language are
-installed under `nb' and some older ones under `no', it's recommended
-for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and
-older translations are used.
-
-   In the `LANGUAGE' environment variable, but not in the `LANG'
-environment variable, `LL_CC' combinations can be abbreviated as `LL'
-to denote the language's main dialect.  For example, `de' is equivalent
-to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT'
-(Portuguese as spoken in Portugal) in this context.
-
-1.3 Translating Teams
-=====================
-
-For the Free Translation Project to be a success, we need interested
-people who like their own language and write it well, and who are also
-able to synergize with other translators speaking the same language.
-Each translation team has its own mailing list.  The up-to-date list of
-teams can be found at the Free Translation Project's homepage,
-`http://translationproject.org/', in the "Teams" area.
-
-   If you'd like to volunteer to _work_ at translating messages, you
-should become a member of the translating team for your own language.
-The subscribing address is _not_ the same as the list itself, it has
-`-request' appended.  For example, speakers of Swedish can send a
-message to `sv-request@li.org', having this message body:
-
-     subscribe
-
-   Keep in mind that team members are expected to participate
-_actively_ in translations, or at solving translational difficulties,
-rather than merely lurking around.  If your team does not exist yet and
-you want to start one, or if you are unsure about what to do or how to
-get started, please write to `coordinator@translationproject.org' to
-reach the coordinator for all translator teams.
-
-   The English team is special.  It works at improving and uniformizing
-the terminology in use.  Proven linguistic skills are praised more than
-programming skills, here.
-
-1.4 Available Packages
-======================
-
-Languages are not equally supported in all packages.  The following
-matrix shows the current state of internationalization, as of June
-2010.  The matrix shows, in regard of each package, for which languages
-PO files have been submitted to translation coordination, with a
-translation percentage of at least 50%.
-
-     Ready PO files       af am an ar as ast az be be@latin bg bn_IN bs ca
-                        +--------------------------------------------------+
-     a2ps               |                       []                      [] |
-     aegis              |                                                  |
-     ant-phone          |                                                  |
-     anubis             |                                                  |
-     aspell             |                []                             [] |
-     bash               |                                                  |
-     bfd                |                                                  |
-     bibshelf           |                []                                |
-     binutils           |                                                  |
-     bison              |                                                  |
-     bison-runtime      |                []                                |
-     bluez-pin          | []             []                                |
-     bombono-dvd        |                                                  |
-     buzztard           |                                                  |
-     cflow              |                                                  |
-     clisp              |                                                  |
-     coreutils          |                                   []          [] |
-     cpio               |                                                  |
-     cppi               |                                                  |
-     cpplib             |                                               [] |
-     cryptsetup         |                                                  |
-     dfarc              |                                                  |
-     dialog             |                             []                [] |
-     dico               |                                                  |
-     diffutils          |                                               [] |
-     dink               |                                                  |
-     doodle             |                                                  |
-     e2fsprogs          |                                               [] |
-     enscript           |                                               [] |
-     exif               |                                                  |
-     fetchmail          |                                               [] |
-     findutils          |                                   []             |
-     flex               |                                               [] |
-     freedink           |                                                  |
-     gas                |                                                  |
-     gawk               |                []                             [] |
-     gcal               |                                               [] |
-     gcc                |                                                  |
-     gettext-examples   | []             []                 []          [] |
-     gettext-runtime    |                                   []          [] |
-     gettext-tools      |                                   []          [] |
-     gip                |                                   []             |
-     gjay               |                                                  |
-     gliv               |                                   []             |
-     glunarclock        |                []                 []             |
-     gnubiff            |                                                  |
-     gnucash            |                                               [] |
-     gnuedu             |                                                  |
-     gnulib             |                                                  |
-     gnunet             |                                                  |
-     gnunet-gtk         |                                                  |
-     gnutls             |                                                  |
-     gold               |                                                  |
-     gpe-aerial         |                                                  |
-     gpe-beam           |                                                  |
-     gpe-bluetooth      |                                                  |
-     gpe-calendar       |                                                  |
-     gpe-clock          |                []                                |
-     gpe-conf           |                                                  |
-     gpe-contacts       |                                                  |
-     gpe-edit           |                                                  |
-     gpe-filemanager    |                                                  |
-     gpe-go             |                                                  |
-     gpe-login          |                                                  |
-     gpe-ownerinfo      |                []                                |
-     gpe-package        |                                                  |
-     gpe-sketchbook     |                                                  |
-     gpe-su             |                []                                |
-     gpe-taskmanager    |                []                                |
-     gpe-timesheet      |                []                                |
-     gpe-today          |                []                                |
-     gpe-todo           |                                                  |
-     gphoto2            |                                                  |
-     gprof              |                                   []             |
-     gpsdrive           |                                                  |
-     gramadoir          |                                                  |
-     grep               |                                                  |
-     grub               |                []                             [] |
-     gsasl              |                                                  |
-     gss                |                                                  |
-     gst-plugins-bad    |                                   []             |
-     gst-plugins-base   |                                   []             |
-     gst-plugins-good   |                                   []             |
-     gst-plugins-ugly   |                                   []             |
-     gstreamer          | []                                []          [] |
-     gtick              |                                                  |
-     gtkam              |                       []                         |
-     gtkorphan          |                                   []             |
-     gtkspell           | []             []     []                         |
-     gutenprint         |                                                  |
-     hello              |                                   []             |
-     help2man           |                                                  |
-     hylafax            |                                                  |
-     idutils            |                                                  |
-     indent             |                                   []          [] |
-     iso_15924          |                                                  |
-     iso_3166           | []          []        []          []  []   [] [] |
-     iso_3166_2         |                                                  |
-     iso_4217           |                                                  |
-     iso_639            |             [] []     []              []         |
-     iso_639_3          |                                                  |
-     jwhois             |                                                  |
-     kbd                |                                                  |
-     keytouch           |                                               [] |
-     keytouch-editor    |                                                  |
-     keytouch-keyboa... |                                               [] |
-     klavaro            |          []                                      |
-     latrine            |                                                  |
-     ld                 |                                   []             |
-     leafpad            |                                   []          [] |
-     libc               |                                   []          [] |
-     libexif            |                       ()                         |
-     libextractor       |                                                  |
-     libgnutls          |                                                  |
-     libgpewidget       |                                                  |
-     libgpg-error       |                                                  |
-     libgphoto2         |                                                  |
-     libgphoto2_port    |                                                  |
-     libgsasl           |                                                  |
-     libiconv           |                                   []             |
-     libidn             |                                                  |
-     lifelines          |                                                  |
-     liferea            |                             []                [] |
-     lilypond           |                                                  |
-     linkdr             |          []                                      |
-     lordsawar          |                                                  |
-     lprng              |                                                  |
-     lynx               |                                               [] |
-     m4                 |                                                  |
-     mailfromd          |                                                  |
-     mailutils          |                                                  |
-     make               |                                                  |
-     man-db             |                                                  |
-     man-db-manpages    |                                                  |
-     minicom            |                                                  |
-     mkisofs            |                                                  |
-     myserver           |                                                  |
-     nano               |                                   []          [] |
-     opcodes            |                                                  |
-     parted             |                                                  |
-     pies               |                                                  |
-     popt               |                                                  |
-     psmisc             |                                                  |
-     pspp               |                                               [] |
-     pwdutils           |                                                  |
-     radius             |                                               [] |
-     recode             |                       []                      [] |
-     rosegarden         |                                                  |
-     rpm                |                                                  |
-     rush               |                                                  |
-     sarg               |                                                  |
-     screem             |                                                  |
-     scrollkeeper       |                    [] []                      [] |
-     sed                |                []                             [] |
-     sharutils          |                                   []          [] |
-     shishi             |                                                  |
-     skencil            |                                                  |
-     solfege            |                                                  |
-     solfege-manual     |                                                  |
-     soundtracker       |                                                  |
-     sp                 |                                                  |
-     sysstat            |                                                  |
-     tar                |                                   []             |
-     texinfo            |                                                  |
-     tin                |                                                  |
-     unicode-han-tra... |                                                  |
-     unicode-transla... |                                                  |
-     util-linux-ng      |                                               [] |
-     vice               |                                                  |
-     vmm                |                                                  |
-     vorbis-tools       |                                                  |
-     wastesedge         |                                                  |
-     wdiff              |                                                  |
-     wget               |                       []                      [] |
-     wyslij-po          |                                                  |
-     xchat              |                []     []          []          [] |
-     xdg-user-dirs      | []    []    [] []     []    []    []  []      [] |
-     xkeyboard-config   |                                   []          [] |
-                        +--------------------------------------------------+
-                          af am an ar as ast az be be@latin bg bn_IN bs ca
-                           6  0  1  2  3 19   1 10     3    28   3    1 38
-
-                          crh cs da  de  el en en_GB en_ZA eo es et eu fa
-                        +-------------------------------------------------+
-     a2ps               |     [] []  []  []     []            [] []       |
-     aegis              |        []  []                       []          |
-     ant-phone          |        []  ()                                   |
-     anubis             |        []  []                                   |
-     aspell             |     [] []  []         []            []          |
-     bash               |     []                           [] []          |
-     bfd                |                                     []          |
-     bibshelf           |        []  []                       []          |
-     binutils           |                                     []          |
-     bison              |            []  []                               |
-     bison-runtime      |        []  []  []                      []       |
-     bluez-pin          |     [] []  []  []                [] []          |
-     bombono-dvd        |        []                                       |
-     buzztard           |     [] []  []                                   |
-     cflow              |        []  []                                   |
-     clisp              |        []  []     []                []          |
-     coreutils          |     [] []  []                          []       |
-     cpio               |                                                 |
-     cppi               |                                                 |
-     cpplib             |        []  []                       []          |
-     cryptsetup         |            []                                   |
-     dfarc              |        []  []                       []          |
-     dialog             |        []  []                    [] []    []    |
-     dico               |                                                 |
-     diffutils          |     [] []  []  []                [] []          |
-     dink               |        []  []                       []          |
-     doodle             |            []                                   |
-     e2fsprogs          |     []     []                       []          |
-     enscript           |        []  []         []                        |
-     exif               |     () []  []                                   |
-     fetchmail          |     [] []  ()  []     []            []          |
-     findutils          |     [] []  []                                   |
-     flex               |            []                       []          |
-     freedink           |        []  []                       []          |
-     gas                |                                     []          |
-     gawk               |        []  []                       []          |
-     gcal               |                                     []          |
-     gcc                |            []                       []          |
-     gettext-examples   |            []  []                [] []          |
-     gettext-runtime    |        []  []                    [] []          |
-     gettext-tools      |            []                       []    []    |
-     gip                |        []  []                       []    []    |
-     gjay               |            []                                   |
-     gliv               |     [] []  []                                   |
-     glunarclock        |        []  []                                   |
-     gnubiff            |            ()                                   |
-     gnucash            |     []     ()  ()     ()            ()          |
-     gnuedu             |        []                           []          |
-     gnulib             |            []                       []          |
-     gnunet             |                                                 |
-     gnunet-gtk         |        []                                       |
-     gnutls             |     []     []                                   |
-     gold               |                                     []          |
-     gpe-aerial         |     [] []  []                       []          |
-     gpe-beam           |     [] []  []                       []          |
-     gpe-bluetooth      |        []  []                                   |
-     gpe-calendar       |        []                                       |
-     gpe-clock          |     [] []  []                       []          |
-     gpe-conf           |     [] []  []                                   |
-     gpe-contacts       |        []  []                       []          |
-     gpe-edit           |        []  []                                   |
-     gpe-filemanager    |        []  []                       []          |
-     gpe-go             |     [] []  []                       []          |
-     gpe-login          |        []  []                                   |
-     gpe-ownerinfo      |     [] []  []                       []          |
-     gpe-package        |        []  []                       []          |
-     gpe-sketchbook     |     [] []  []                       []          |
-     gpe-su             |     [] []  []                       []          |
-     gpe-taskmanager    |     [] []  []                       []          |
-     gpe-timesheet      |     [] []  []                       []          |
-     gpe-today          |     [] []  []                       []          |
-     gpe-todo           |        []  []                       []          |
-     gphoto2            |     [] []  ()         []            []    []    |
-     gprof              |        []  []                       []          |
-     gpsdrive           |        []                           [] []       |
-     gramadoir          |        []  []                    []             |
-     grep               |     []                                          |
-     grub               |        []  []                                   |
-     gsasl              |            []                                   |
-     gss                |                                                 |
-     gst-plugins-bad    |     [] []  []                       []    []    |
-     gst-plugins-base   |     [] []  []                       []    []    |
-     gst-plugins-good   |     [] []  []  []                   []    []    |
-     gst-plugins-ugly   |     [] []  []  []                   []    []    |
-     gstreamer          |     [] []  []                       []    []    |
-     gtick              |        []  ()                    []             |
-     gtkam              |     [] []  ()                    [] []          |
-     gtkorphan          |     [] []  []                    []             |
-     gtkspell           |     [] []  []  []                [] []    []    |
-     gutenprint         |        []  []         []                        |
-     hello              |        []  []                    [] []          |
-     help2man           |            []                                   |
-     hylafax            |            []                       []          |
-     idutils            |        []  []                                   |
-     indent             |     [] []  []                    [] [] [] []    |
-     iso_15924          |        []      ()                [] []          |
-     iso_3166           | []  [] []  []  ()                [] [] [] ()    |
-     iso_3166_2         |                ()                               |
-     iso_4217           |     [] []  []  ()                   [] []       |
-     iso_639            | []  [] []  []  ()                [] []          |
-     iso_639_3          | []                                              |
-     jwhois             |                                     []          |
-     kbd                |     [] []  []  []                   []          |
-     keytouch           |        []  []                                   |
-     keytouch-editor    |        []  []                                   |
-     keytouch-keyboa... |        []                                       |
-     klavaro            |     [] []  []                    []             |
-     latrine            |        []  ()                                   |
-     ld                 |        []                           []          |
-     leafpad            |     [] []  []  []                   []    []    |
-     libc               |     [] []  []                       []          |
-     libexif            |        []  []         ()                        |
-     libextractor       |                                                 |
-     libgnutls          |     []                                          |
-     libgpewidget       |        []  []                                   |
-     libgpg-error       |     []     []                                   |
-     libgphoto2         |        []  ()                                   |
-     libgphoto2_port    |        []  ()                             []    |
-     libgsasl           |                                                 |
-     libiconv           |     [] []  []                    []    []       |
-     libidn             |     []     []                    []             |
-     lifelines          |        []  ()                                   |
-     liferea            |     []     []  []                   []    []    |
-     lilypond           |     []     []                       []          |
-     linkdr             |        []  []                       []          |
-     lordsawar          |        []                                       |
-     lprng              |                                                 |
-     lynx               |     [] []  []                          []       |
-     m4                 |     [] []  []  []                               |
-     mailfromd          |                                                 |
-     mailutils          |                                     []          |
-     make               |        []  []                       []          |
-     man-db             |                                                 |
-     man-db-manpages    |                                                 |
-     minicom            |     [] []  []                       []          |
-     mkisofs            |                                                 |
-     myserver           |                                                 |
-     nano               |            []                       []    []    |
-     opcodes            |            []                       []          |
-     parted             |     []     []                                   |
-     pies               |                                                 |
-     popt               |     [] []  []                    [] []          |
-     psmisc             |     []     []                             []    |
-     pspp               |                                     []          |
-     pwdutils           |        []                                       |
-     radius             |                                     []          |
-     recode             |     [] []  []  []                [] []          |
-     rosegarden         |     ()     ()                       ()          |
-     rpm                |        []  []                       []          |
-     rush               |                                                 |
-     sarg               |                                                 |
-     screem             |                                                 |
-     scrollkeeper       |     [] []  []         []            []          |
-     sed                |     []     []  []                [] [] []       |
-     sharutils          |        []  []                       [] []       |
-     shishi             |                                                 |
-     skencil            |        []  ()                       []          |
-     solfege            |            []                    []    []       |
-     solfege-manual     |                                  []    []       |
-     soundtracker       |        []  []                       []          |
-     sp                 |            []                                   |
-     sysstat            |        []  []                             []    |
-     tar                |     []     []                          [] []    |
-     texinfo            |            []                    [] []          |
-     tin                |            []                          []       |
-     unicode-han-tra... |                                                 |
-     unicode-transla... |                                                 |
-     util-linux-ng      |     [] []  []                       []          |
-     vice               |        ()  ()                                   |
-     vmm                |            []                                   |
-     vorbis-tools       |     []                           []             |
-     wastesedge         |        []                                       |
-     wdiff              |            []                       []          |
-     wget               |     []     []                          []       |
-     wyslij-po          |                                                 |
-     xchat              |     []     []  []                   [] []       |
-     xdg-user-dirs      | []  [] []  []  []                [] [] [] []    |
-     xkeyboard-config   | []  [] []  []                    [] []          |
-                        +-------------------------------------------------+
-                          crh cs da  de  el en en_GB en_ZA eo es et eu fa
-                           5  64 105 117 18  1   8     0   28 89 18 19  0
-
-                          fi  fr  ga gl gu he hi hr hu hy id  is it ja ka kn
-                        +----------------------------------------------------+
-     a2ps               | []  []                          []        []       |
-     aegis              |     []                                 []          |
-     ant-phone          |     []                                 []          |
-     anubis             | []  []                          []     []          |
-     aspell             |     []  []                      []     []          |
-     bash               | []  []                          []        []       |
-     bfd                | []  []                          []                 |
-     bibshelf           | []  []  []                      []     []          |
-     binutils           | []  []                          []                 |
-     bison              | []  []  []                      []                 |
-     bison-runtime      | []  []  []                      []     [] []       |
-     bluez-pin          | []  []  []                [] [] []  []    []       |
-     bombono-dvd        | []                                                 |
-     buzztard           |                                 []                 |
-     cflow              | []      []                      []                 |
-     clisp              |     []                                             |
-     coreutils          |     []  []                []    []     []          |
-     cpio               | []  []  []                      []                 |
-     cppi               | []  []                                             |
-     cpplib             | []  []                          []                 |
-     cryptsetup         |     []                          []     []          |
-     dfarc              | []  []                                 []          |
-     dialog             |     []  [] []                   []  [] [] []       |
-     dico               |                                                    |
-     diffutils          | []  []  [] []    []       []    []     [] []       |
-     dink               |     []                                             |
-     doodle             |         []                             []          |
-     e2fsprogs          |     []                          []                 |
-     enscript           |     []  []             []       []                 |
-     exif               | []  []                          []  [] [] []       |
-     fetchmail          |     []                          []     [] []       |
-     findutils          | []  []  []                []    []     []          |
-     flex               | []  []  []                                         |
-     freedink           | []  []                          []                 |
-     gas                |     []                          []                 |
-     gawk               |     []  []       []             []     () []       |
-     gcal               |     []                                             |
-     gcc                |                                 []                 |
-     gettext-examples   | []  []  []                []    []     [] []       |
-     gettext-runtime    | []  []  []                      []     [] []       |
-     gettext-tools      |     []                          []     [] []       |
-     gip                | []  []  [] []                   []        []       |
-     gjay               | []                                                 |
-     gliv               | []  ()                                             |
-     glunarclock        | []      []                []    []                 |
-     gnubiff            |     ()                          []     ()          |
-     gnucash            | ()  ()           ()       ()           () []       |
-     gnuedu             |     []                                 []          |
-     gnulib             | []  []  []                []           [] []       |
-     gnunet             |                                                    |
-     gnunet-gtk         |     []                                             |
-     gnutls             |     []                                 []          |
-     gold               | []                              []                 |
-     gpe-aerial         | []  []                          []                 |
-     gpe-beam           | []  []                          []        []       |
-     gpe-bluetooth      | []                              []     [] []       |
-     gpe-calendar       | []                                        []       |
-     gpe-clock          | []  []                    []    []        []       |
-     gpe-conf           | []  []                          []        []       |
-     gpe-contacts       | []  []                          []        []       |
-     gpe-edit           | []                              []        []       |
-     gpe-filemanager    | []                        []    []        []       |
-     gpe-go             | []  []                    []    []        []       |
-     gpe-login          | []                              []        []       |
-     gpe-ownerinfo      | []  []                    []    []        []       |
-     gpe-package        | []                              []        []       |
-     gpe-sketchbook     | []  []                          []        []       |
-     gpe-su             | []  []     []             []    []        []       |
-     gpe-taskmanager    | []  []                    []    []        []       |
-     gpe-timesheet      | []  []  []                      []        []       |
-     gpe-today          | []  []  [] []             []    []        []       |
-     gpe-todo           | []                              []        []       |
-     gphoto2            | []  []                    []    []     [] []       |
-     gprof              | []  []  []                      []                 |
-     gpsdrive           |            []                   []     []          |
-     gramadoir          |     []  []                      []                 |
-     grep               | []                                     []          |
-     grub               | []                        []    []     []          |
-     gsasl              | []  []  []                      []     []          |
-     gss                | []  []  []                      []     []          |
-     gst-plugins-bad    | []  []                    []    []     [] []       |
-     gst-plugins-base   | []  []                    []    []     [] []       |
-     gst-plugins-good   | []  []                    []    []     [] []       |
-     gst-plugins-ugly   | []  []                    []    []     [] []       |
-     gstreamer          | []  []                    []    []     []          |
-     gtick              | []  []  []                      []     []          |
-     gtkam              |     []                    []    []     [] []       |
-     gtkorphan          |     []                          []     []          |
-     gtkspell           | []  []  [] []             [] [] []     [] []       |
-     gutenprint         | []  []                    []           []          |
-     hello              | []      []                      []                 |
-     help2man           | []  []                                             |
-     hylafax            |                                 []                 |
-     idutils            | []  []  []                []    []     []          |
-     indent             | []  []  [] []             []    []     [] []       |
-     iso_15924          | []  ()                          []     []          |
-     iso_3166           | []  ()  [] [] [] [] [] [] []    []     [] []       |
-     iso_3166_2         |     ()                    []    []     []          |
-     iso_4217           | []  ()                    []    []     [] []       |
-     iso_639            | []  ()  []    []          []    []     [] []    [] |
-     iso_639_3          |     ()                                 []       [] |
-     jwhois             | []  []                    []    []     []          |
-     kbd                |     []                          []                 |
-     keytouch           | []  []  []                []    []     []          |
-     keytouch-editor    | []      []                []    []     []          |
-     keytouch-keyboa... | []      []                []    []     []          |
-     klavaro            |            []             []                       |
-     latrine            | []                              []     []          |
-     ld                 | []  []  []                      []                 |
-     leafpad            | []  []  []       []       []    []     [] ()       |
-     libc               | []  []     []                   []        []       |
-     libexif            |                                        []          |
-     libextractor       |                                                    |
-     libgnutls          |     []                                 []          |
-     libgpewidget       | []      []                      []        []       |
-     libgpg-error       |     []                                 []          |
-     libgphoto2         |     []                                 [] []       |
-     libgphoto2_port    |     []                                 [] []       |
-     libgsasl           | []  []  []                      []     []          |
-     libiconv           | []  []  []                      []     [] []       |
-     libidn             | []  []                          []     []          |
-     lifelines          |     ()                                             |
-     liferea            |     []                    []           [] []       |
-     lilypond           | []  []                                             |
-     linkdr             | []               []    [] []           []          |
-     lordsawar          |                                                    |
-     lprng              |                                 []                 |
-     lynx               |     []                    []    []     [] []       |
-     m4                 | []  []  [] []                   []        []       |
-     mailfromd          |                                                    |
-     mailutils          |     []                          []                 |
-     make               | []  []  [] []    []    []       []     [] []       |
-     man-db             |                                 []     []          |
-     man-db-manpages    |                                 []                 |
-     minicom            | []  []                    []    []        []       |
-     mkisofs            | []  []                          []     []          |
-     myserver           |                                                    |
-     nano               | []  []  [] []             []           []          |
-     opcodes            | []  []  []                      []                 |
-     parted             |     []                          []     [] []       |
-     pies               |                                                    |
-     popt               | []  []  [] []             []    []  [] [] []       |
-     psmisc             | []  []                          []                 |
-     pspp               |                                                    |
-     pwdutils           |     []                          []                 |
-     radius             |     []                          []                 |
-     recode             | []  []  [] []    []       []    []     []          |
-     rosegarden         | ()  ()                          ()     () ()       |
-     rpm                |                                 []        []       |
-     rush               |                                                    |
-     sarg               |     []                                             |
-     screem             |                                        [] []       |
-     scrollkeeper       | []                        []    []     []          |
-     sed                | []  []  [] []             []    []     [] []       |
-     sharutils          | []  []  []                []    []     [] []       |
-     shishi             |     []                                             |
-     skencil            |     []                                             |
-     solfege            | []  []     []                          []          |
-     solfege-manual     |     []     []                                      |
-     soundtracker       |     []                                 []          |
-     sp                 |     []                                    ()       |
-     sysstat            | []  []                          []     [] []       |
-     tar                | []  []  []                []    []     [] []       |
-     texinfo            |     []                          []     [] []       |
-     tin                |     []                                             |
-     unicode-han-tra... |                                                    |
-     unicode-transla... |     []  []                                         |
-     util-linux-ng      | []  []                    []    []     [] []       |
-     vice               |     ()                    ()           ()          |
-     vmm                |     []                                             |
-     vorbis-tools       |                                 []                 |
-     wastesedge         |     ()                                 ()          |
-     wdiff              | []                                                 |
-     wget               | []  []  []             [] []    []     [] []       |
-     wyslij-po          | []  []                          []                 |
-     xchat              | []  []        []    []    []    []     [] []    [] |
-     xdg-user-dirs      | []  []  [] [] [] [] []    []    []  [] [] []    [] |
-     xkeyboard-config   | []  []                    []    []     []          |
-                        +----------------------------------------------------+
-                          fi  fr  ga gl gu he hi hr hu hy id  is it ja ka kn
-                          105 121 53 20  4  8  3  5 53  2 120  5 84 67  0  4
-
-                          ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne
-                        +-----------------------------------------------+
-     a2ps               |                               []              |
-     aegis              |                                               |
-     ant-phone          |                                               |
-     anubis             |                               []    []        |
-     aspell             |                         []                    |
-     bash               |                                               |
-     bfd                |                                               |
-     bibshelf           |                []             []              |
-     binutils           |                                               |
-     bison              |                               []              |
-     bison-runtime      |       []    [] []             []    []        |
-     bluez-pin          |    [] []    [] []             []              |
-     bombono-dvd        |                                               |
-     buzztard           |                                               |
-     cflow              |                                               |
-     clisp              |                                               |
-     coreutils          |          []                                   |
-     cpio               |                                               |
-     cppi               |                                               |
-     cpplib             |                                               |
-     cryptsetup         |                                               |
-     dfarc              |                   []                          |
-     dialog             |    []       [] []             []    []        |
-     dico               |                                               |
-     diffutils          |                []             []              |
-     dink               |                                               |
-     doodle             |                                               |
-     e2fsprogs          |                                               |
-     enscript           |                                               |
-     exif               |                []                             |
-     fetchmail          |                                               |
-     findutils          |                                               |
-     flex               |                                               |
-     freedink           |                                     []        |
-     gas                |                                               |
-     gawk               |                                               |
-     gcal               |                                               |
-     gcc                |                                               |
-     gettext-examples   |       []       []             [] []           |
-     gettext-runtime    | []                                            |
-     gettext-tools      | []                                            |
-     gip                |                []             []              |
-     gjay               |                                               |
-     gliv               |                                               |
-     glunarclock        |                []                             |
-     gnubiff            |                                               |
-     gnucash            | ()          ()                      ()     () |
-     gnuedu             |                                               |
-     gnulib             |                                               |
-     gnunet             |                                               |
-     gnunet-gtk         |                                               |
-     gnutls             |                               []              |
-     gold               |                                               |
-     gpe-aerial         |                []                             |
-     gpe-beam           |                []                             |
-     gpe-bluetooth      |                []                []           |
-     gpe-calendar       |                []                             |
-     gpe-clock          | []    []       []             [] []           |
-     gpe-conf           | []             []                             |
-     gpe-contacts       | []             []                             |
-     gpe-edit           |                []                             |
-     gpe-filemanager    | []             []                             |
-     gpe-go             | []             []                []           |
-     gpe-login          |                []                             |
-     gpe-ownerinfo      |                []             []              |
-     gpe-package        | []             []                             |
-     gpe-sketchbook     | []             []                             |
-     gpe-su             | []    []       []             [] [] []        |
-     gpe-taskmanager    | [] [] []       []             [] []           |
-     gpe-timesheet      |                []             []              |
-     gpe-today          |       []       []             [] []           |
-     gpe-todo           |                []                   []        |
-     gphoto2            |                                               |
-     gprof              |                               []              |
-     gpsdrive           |                                               |
-     gramadoir          |                                               |
-     grep               |                                               |
-     grub               |                                               |
-     gsasl              |                                               |
-     gss                |                                               |
-     gst-plugins-bad    |             [] []                [] []        |
-     gst-plugins-base   |             [] []                             |
-     gst-plugins-good   |                []                []           |
-     gst-plugins-ugly   |             [] []             [] [] []        |
-     gstreamer          |                                               |
-     gtick              |                                               |
-     gtkam              |                                     []        |
-     gtkorphan          |                []                      []     |
-     gtkspell           |       []    [] []       []    []    [] []     |
-     gutenprint         |                                               |
-     hello              | []             []             []              |
-     help2man           |                                               |
-     hylafax            |                                               |
-     idutils            |                                               |
-     indent             |                                               |
-     iso_15924          |             [] []                             |
-     iso_3166           | [] []       () [] [] []    []       []        |
-     iso_3166_2         |                                               |
-     iso_4217           |             []                      []        |
-     iso_639            |                      []    []                 |
-     iso_639_3          |                            []                 |
-     jwhois             |                []                             |
-     kbd                |                                               |
-     keytouch           |                []                             |
-     keytouch-editor    |                []                             |
-     keytouch-keyboa... |                []                             |
-     klavaro            |                                     []        |
-     latrine            |                []                             |
-     ld                 |                                               |
-     leafpad            | []          [] []                             |
-     libc               | []                                            |
-     libexif            |                                               |
-     libextractor       |                                               |
-     libgnutls          |                               []              |
-     libgpewidget       |                []             []              |
-     libgpg-error       |                                               |
-     libgphoto2         |                                               |
-     libgphoto2_port    |                                               |
-     libgsasl           |                                               |
-     libiconv           |                                               |
-     libidn             |                                               |
-     lifelines          |                                               |
-     liferea            |                                               |
-     lilypond           |                                               |
-     linkdr             |                                               |
-     lordsawar          |                                               |
-     lprng              |                                               |
-     lynx               |                                               |
-     m4                 |                                               |
-     mailfromd          |                                               |
-     mailutils          |                                               |
-     make               | []                                            |
-     man-db             |                                               |
-     man-db-manpages    |                                               |
-     minicom            |                                     []        |
-     mkisofs            |                                               |
-     myserver           |                                               |
-     nano               |                               []    []        |
-     opcodes            |                                               |
-     parted             |                                               |
-     pies               |                                               |
-     popt               | []             []                   []        |
-     psmisc             |                                               |
-     pspp               |                                               |
-     pwdutils           |                                               |
-     radius             |                                               |
-     recode             |                                               |
-     rosegarden         |                                               |
-     rpm                |                                               |
-     rush               |                                               |
-     sarg               |                                               |
-     screem             |                                               |
-     scrollkeeper       |                                     []     [] |
-     sed                |                                               |
-     sharutils          |                                               |
-     shishi             |                                               |
-     skencil            |                                               |
-     solfege            |                                     []        |
-     solfege-manual     |                                               |
-     soundtracker       |                                               |
-     sp                 |                                               |
-     sysstat            |                []                             |
-     tar                |       []                                      |
-     texinfo            |                                     []        |
-     tin                |                                               |
-     unicode-han-tra... |                                               |
-     unicode-transla... |                                               |
-     util-linux-ng      |                                               |
-     vice               |                                               |
-     vmm                |                                               |
-     vorbis-tools       |                                               |
-     wastesedge         |                                               |
-     wdiff              |                                               |
-     wget               |             []                                |
-     wyslij-po          |                                               |
-     xchat              | []             [] []                          |
-     xdg-user-dirs      | [] []       [] [] []       []       [] []     |
-     xkeyboard-config   | []    []    []                                |
-                        +-----------------------------------------------+
-                          ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne
-                          20  5 10  1 13 48  4  2  2  4 24 10 20  3   1
-
-                          nl  nn or pa pl  ps pt pt_BR ro ru rw sk sl sq sr
-                        +---------------------------------------------------+
-     a2ps               | []           []     []  []   [] []       []    [] |
-     aegis              | []                      []      []                |
-     ant-phone          |                         []   []                   |
-     anubis             | []           []                 []                |
-     aspell             | []                           [] []    [] []       |
-     bash               | []                                    []          |
-     bfd                |                                 []                |
-     bibshelf           | []  []                                            |
-     binutils           |                                 []    []          |
-     bison              | []           []                 []                |
-     bison-runtime      | []           []     []  []   [] []       []       |
-     bluez-pin          | []           []         []   [] []    [] []    [] |
-     bombono-dvd        |     []                          ()                |
-     buzztard           | []  []                                            |
-     cflow              |              []                                   |
-     clisp              | []                              []                |
-     coreutils          | []           []     []  []      []       []       |
-     cpio               | []           []                 []                |
-     cppi               |              []                                   |
-     cpplib             | []                                                |
-     cryptsetup         | []                                                |
-     dfarc              |              []                                   |
-     dialog             | []           []         []      []                |
-     dico               |              []                                   |
-     diffutils          | []           []         []   [] []             [] |
-     dink               | ()                                                |
-     doodle             | []                                          []    |
-     e2fsprogs          | []           []                                   |
-     enscript           | []                      []   [] []       []       |
-     exif               | []           []              [] ()    []          |
-     fetchmail          | []           []                 []          []    |
-     findutils          | []           []     []          []       []       |
-     flex               | []           []         []   [] []                |
-     freedink           | []           []                                   |
-     gas                |                                                   |
-     gawk               | []           []         []   []                   |
-     gcal               |                                                   |
-     gcc                |                                                [] |
-     gettext-examples   | []           []     []       [] []    [] []    [] |
-     gettext-runtime    | []  []       []     []       [] []    [] []    [] |
-     gettext-tools      |              []              [] []    [] []    [] |
-     gip                | []           []                 []    []       [] |
-     gjay               |                                                   |
-     gliv               | []           []         []   [] []    []          |
-     glunarclock        | []                      []   []       []       [] |
-     gnubiff            | []                           ()                   |
-     gnucash            | []           ()         ()      ()                |
-     gnuedu             | []                                                |
-     gnulib             | []           []                 []       []       |
-     gnunet             |                                                   |
-     gnunet-gtk         |                                                   |
-     gnutls             | []           []                                   |
-     gold               |                                                   |
-     gpe-aerial         | []                  []  []   [] []       []    [] |
-     gpe-beam           | []                  []  []   [] []       []    [] |
-     gpe-bluetooth      | []                      []                        |
-     gpe-calendar       |                         []      []       []    [] |
-     gpe-clock          | []                  []  []   [] []    [] []    [] |
-     gpe-conf           | []                  []  []   [] []    [] []       |
-     gpe-contacts       |                         []   [] []       []    [] |
-     gpe-edit           | []           []                          []       |
-     gpe-filemanager    | []                              []       []       |
-     gpe-go             | []           []         []   [] []    [] []    [] |
-     gpe-login          | []                      []                        |
-     gpe-ownerinfo      | []                  []  []   [] []    [] []    [] |
-     gpe-package        | []                                       []       |
-     gpe-sketchbook     | []                  []  []   [] []       []    [] |
-     gpe-su             | []                  []  []   [] []    [] []    [] |
-     gpe-taskmanager    | []                  []  []   [] []    [] []    [] |
-     gpe-timesheet      | []                  []  []   [] []    [] []    [] |
-     gpe-today          | []                  []  []   [] []    [] []    [] |
-     gpe-todo           | []                      []      []       []    [] |
-     gphoto2            | []        [] []         []   [] []    []       [] |
-     gprof              | []                      []   []                   |
-     gpsdrive           | []                              []                |
-     gramadoir          | []                                    []          |
-     grep               | []           []                 []    []          |
-     grub               | []           []                 []                |
-     gsasl              | []           []                       []       [] |
-     gss                |              []              []       []          |
-     gst-plugins-bad    | []           []         []      []    []    []    |
-     gst-plugins-base   | []           []         []      []    []          |
-     gst-plugins-good   | []           []         []      []    []          |
-     gst-plugins-ugly   | []           []         []      []    [] []       |
-     gstreamer          | []           []         []      []    []          |
-     gtick              | []                              []    []          |
-     gtkam              | []        [] []         []      []    []          |
-     gtkorphan          | []                                                |
-     gtkspell           | []           []     []  []   [] []    [] [] [] [] |
-     gutenprint         | []                              []                |
-     hello              | []           []                       [] []       |
-     help2man           |              []                 []                |
-     hylafax            | []                                                |
-     idutils            | []           []         []   [] []                |
-     indent             | []           []         []   [] []    []       [] |
-     iso_15924          | []           []                 []       []       |
-     iso_3166           | []  [] [] [] []     ()  []   [] [] [] [] [] [] [] |
-     iso_3166_2         | []           []                          []       |
-     iso_4217           | []  []       []     []          [] []    []    [] |
-     iso_639            | []     [] [] []                 [] [] [] []    [] |
-     iso_639_3          |        [] []                                      |
-     jwhois             | []           []         []   []                   |
-     kbd                | []           []              []                   |
-     keytouch           | []           []                       []          |
-     keytouch-editor    | []           []                       []          |
-     keytouch-keyboa... | []           []                       []          |
-     klavaro            | []                      []                        |
-     latrine            |              []                 []                |
-     ld                 |                                                   |
-     leafpad            | []  []       []     []  []      []    [] []    [] |
-     libc               | []           []                 []    []          |
-     libexif            | []           []         ()            []          |
-     libextractor       |                                                   |
-     libgnutls          | []           []                                   |
-     libgpewidget       | []           []                          []       |
-     libgpg-error       |              []              []                   |
-     libgphoto2         | []           []                                   |
-     libgphoto2_port    | []           []         []      []    []          |
-     libgsasl           | []           []              []       []       [] |
-     libiconv           | []           []                       [] []    [] |
-     libidn             | []           []                                   |
-     lifelines          | []           []                                   |
-     liferea            | []           []     []  []   [] ()    ()    []    |
-     lilypond           | []                                                |
-     linkdr             | []                  []          []                |
-     lordsawar          |                                                   |
-     lprng              |              []                                   |
-     lynx               | []                      []      []                |
-     m4                 | []           []         []   [] []                |
-     mailfromd          |              []                                   |
-     mailutils          |              []                                   |
-     make               | []           []         []      []                |
-     man-db             | []           []                 []                |
-     man-db-manpages    | []           []                 []                |
-     minicom            |              []         []   [] []                |
-     mkisofs            | []           []                 []                |
-     myserver           |                                                   |
-     nano               | []           []         []      []                |
-     opcodes            | []                           []                   |
-     parted             | []           []                 []    []          |
-     pies               |              []                                   |
-     popt               | []           []     []          []                |
-     psmisc             | []           []                 []                |
-     pspp               | []                      []                        |
-     pwdutils           |              []                                   |
-     radius             | []           []                 []                |
-     recode             | []           []     []  []   [] []    [] []       |
-     rosegarden         |              ()                 ()                |
-     rpm                | []           []     []                            |
-     rush               | []           []                                   |
-     sarg               |                                                   |
-     screem             |                                                   |
-     scrollkeeper       | []  []       []              [] []    []    [] [] |
-     sed                | []           []     []  []   [] []    [] []    [] |
-     sharutils          | []           []                 []             [] |
-     shishi             |              []                                   |
-     skencil            |                     []  []                        |
-     solfege            | []           []         []      []                |
-     solfege-manual     | []           []         []                        |
-     soundtracker       |                                       []          |
-     sp                 |                                                   |
-     sysstat            | []           []         []      []                |
-     tar                | []           []                 []       []       |
-     texinfo            | []           []              [] []                |
-     tin                |                                 []                |
-     unicode-han-tra... |                                                   |
-     unicode-transla... |                                                   |
-     util-linux-ng      | []           []         []      []       []       |
-     vice               | []                                                |
-     vmm                | []                                                |
-     vorbis-tools       | []           []                                   |
-     wastesedge         | []                                                |
-     wdiff              | []           []                                   |
-     wget               | []           []     []  []      []    [] []       |
-     wyslij-po          | []  []       []                                   |
-     xchat              | []        [] []     []          []    [] [] [] [] |
-     xdg-user-dirs      | []  [] [] [] []  [] []  []   [] []    [] [] [] [] |
-     xkeyboard-config   | []           []                 []                |
-                        +---------------------------------------------------+
-                          nl  nn or pa pl  ps pt pt_BR ro ru rw sk sl sq sr
-                          135 10  4  7 105  1 29  62   47 91  3 54 46  9 37
-
-                          sv  sw ta te tg th tr uk vi  wa zh_CN zh_HK zh_TW
-                        +---------------------------------------------------+
-     a2ps               | []              [] [] [] []                       | 27
-     aegis              |                          []                       |  9
-     ant-phone          | []                 []    []      []               |  9
-     anubis             | []                 [] [] []                       | 15
-     aspell             |                       [] []  []                   | 20
-     bash               | []                    [] []                       | 12
-     bfd                |                          []                       |  6
-     bibshelf           | []                       []      []               | 16
-     binutils           |                       [] []                       |  8
-     bison              | []                       []                       | 12
-     bison-runtime      | []              []    [] []      []          []   | 29
-     bluez-pin          | []              [] [] [] []  []  []          []   | 37
-     bombono-dvd        |                          []                       |  4
-     buzztard           |                          []                       |  7
-     cflow              |                       [] []      []               |  9
-     clisp              |                                                   | 10
-     coreutils          | []                    [] []      []               | 22
-     cpio               | []                 [] [] []      []          []   | 13
-     cppi               |                       [] []                       |  5
-     cpplib             | []                 [] [] []      []          []   | 14
-     cryptsetup         | []                       []                       |  7
-     dfarc              |                          []                       |  9
-     dialog             | []  []          []       []  []  []          []   | 30
-     dico               |                       []                          |  2
-     diffutils          | []                 [] [] []      []          []   | 30
-     dink               |                                                   |  4
-     doodle             | []                       []                       |  7
-     e2fsprogs          | []                 []    []                       | 11
-     enscript           | []                 [] [] []                       | 17
-     exif               | []                       []      []               | 16
-     fetchmail          |                    []    []      []               | 17
-     findutils          | []                 [] [] []      []               | 20
-     flex               | []                 []    []                  []   | 15
-     freedink           |                          []                       | 10
-     gas                |                    []                             |  4
-     gawk               | []                 []    []      []               | 18
-     gcal               | []                 []                             |  5
-     gcc                | []                 []            []               |  7
-     gettext-examples   | []                 [] [] []      []    []    []   | 34
-     gettext-runtime    | []                 [] [] []      []    []    []   | 29
-     gettext-tools      | []                 [] [] []      []          []   | 22
-     gip                | []                       []      []          []   | 22
-     gjay               |                          []                       |  3
-     gliv               | []                 []    []                       | 14
-     glunarclock        | []                       []  []  []          []   | 19
-     gnubiff            | []                       []                       |  4
-     gnucash            |                    () [] ()      []          ()   | 10
-     gnuedu             |                          []                  []   |  7
-     gnulib             | []                    [] []      []               | 16
-     gnunet             |                          []                       |  1
-     gnunet-gtk         | []                 []    []                       |  5
-     gnutls             | []                       []      []               | 10
-     gold               |                          []                       |  4
-     gpe-aerial         | []                       []      []               | 18
-     gpe-beam           | []                       []      []               | 19
-     gpe-bluetooth      | []                       []      []               | 13
-     gpe-calendar       | []                       []  []  []               | 12
-     gpe-clock          | []                 []    []  []  []               | 28
-     gpe-conf           | []                       []  []  []               | 20
-     gpe-contacts       | []                       []      []               | 17
-     gpe-edit           | []                       []      []               | 12
-     gpe-filemanager    | []                       []  []  []               | 16
-     gpe-go             | []                 []    []  []  []               | 25
-     gpe-login          | []                       []      []               | 11
-     gpe-ownerinfo      | []                 []    []      []          []   | 25
-     gpe-package        | []                       []      []               | 13
-     gpe-sketchbook     | []                       []      []               | 20
-     gpe-su             | []                 []    []  []  []               | 30
-     gpe-taskmanager    | []                 []    []  []  []               | 29
-     gpe-timesheet      | []                 []    []      []          []   | 25
-     gpe-today          | []                 []    []  []  []          []   | 30
-     gpe-todo           | []                       []  []  []               | 17
-     gphoto2            | []                    [] []      []          []   | 24
-     gprof              | []                 []    []                       | 15
-     gpsdrive           | []                       []      []               | 11
-     gramadoir          | []                       []      []               | 11
-     grep               |                 []       []      []               | 10
-     grub               | []                       []      []               | 14
-     gsasl              | []                       []      []          []   | 14
-     gss                | []                       []      []               | 11
-     gst-plugins-bad    | []                 []    []      []               | 26
-     gst-plugins-base   | []                 [] [] []      []               | 24
-     gst-plugins-good   | []                 []    []      []               | 24
-     gst-plugins-ugly   | []                 [] [] []      []               | 29
-     gstreamer          | []                    [] []      []               | 22
-     gtick              |                       [] []      []               | 13
-     gtkam              | []                       []      []               | 20
-     gtkorphan          | []                       []      []               | 14
-     gtkspell           | []              [] [] [] []  []  []    []    []   | 45
-     gutenprint         | []                                                | 10
-     hello              | []              [] []    []      []          []   | 21
-     help2man           | []                       []                       |  7
-     hylafax            |                          []                       |  5
-     idutils            | []                 []    []      []               | 17
-     indent             | []                 [] [] []      []          []   | 30
-     iso_15924          |                 ()    [] ()      []          []   | 16
-     iso_3166           | []        []    () [] [] ()  []  []    []    ()   | 53
-     iso_3166_2         |                 ()    [] ()      []               |  9
-     iso_4217           | []              () [] [] ()      []    []         | 26
-     iso_639            | []     [] []    ()    [] ()  []  []    []    []   | 38
-     iso_639_3          |        []                ()                       |  8
-     jwhois             | []                 []    []      []          []   | 16
-     kbd                | []                 [] [] []      []               | 15
-     keytouch           | []                       []      []               | 16
-     keytouch-editor    | []                       []      []               | 14
-     keytouch-keyboa... | []                       []      []               | 14
-     klavaro            |                          []                       | 11
-     latrine            |                    []    []      []               | 10
-     ld                 | []                 []    []                  []   | 11
-     leafpad            | []                 [] [] []      []          []   | 33
-     libc               | []                 []    []      []          []   | 21
-     libexif            |                          []      ()               |  7
-     libextractor       |                          []                       |  1
-     libgnutls          | []                       []      []               |  9
-     libgpewidget       | []                       []      []               | 14
-     libgpg-error       | []                       []      []               |  9
-     libgphoto2         |                       [] []                       |  8
-     libgphoto2_port    | []                    [] []                  []   | 14
-     libgsasl           | []                       []      []               | 13
-     libiconv           | []                       []  []  []               | 21
-     libidn             | ()                       []      []               | 11
-     lifelines          | []                                                |  4
-     liferea            | []                 []            []               | 21
-     lilypond           |                          []                       |  7
-     linkdr             | []                 []    []      []          []   | 17
-     lordsawar          |                                                   |  1
-     lprng              |                          []                       |  3
-     lynx               | []                 [] [] []                       | 17
-     m4                 | []                       []      []          []   | 19
-     mailfromd          |                       [] []                       |  3
-     mailutils          |                          []                       |  5
-     make               | []                 []    []      []               | 21
-     man-db             | []                       []      []               |  8
-     man-db-manpages    |                                                   |  4
-     minicom            | []                       []                       | 16
-     mkisofs            |                          []      []               |  9
-     myserver           |                                                   |  0
-     nano               | []                       []      []          []   | 21
-     opcodes            | []                 []    []                       | 11
-     parted             | []                 [] [] []                  []   | 15
-     pies               |                       [] []                       |  3
-     popt               | []              [] []    []      []          []   | 27
-     psmisc             | []                       []                       | 11
-     pspp               |                                                   |  4
-     pwdutils           | []                       []                       |  6
-     radius             |                       [] []                       |  9
-     recode             | []                 []    []      []               | 28
-     rosegarden         | ()                                                |  0
-     rpm                | []                       []                  []   | 11
-     rush               |                       [] []                       |  4
-     sarg               |                                                   |  1
-     screem             |                          []                       |  3
-     scrollkeeper       | []                 [] [] []                  []   | 27
-     sed                | []                 []    []      []          []   | 30
-     sharutils          | []                 []    []      []          []   | 22
-     shishi             |                          []                       |  3
-     skencil            | []                       []                       |  7
-     solfege            | []                 []    []      []               | 16
-     solfege-manual     |                    []                             |  8
-     soundtracker       | []                 []    []                       |  9
-     sp                 |                    []                             |  3
-     sysstat            |                          []      []               | 15
-     tar                | []                 [] [] []      []          []   | 23
-     texinfo            | []                 [] [] []      []               | 17
-     tin                |                                                   |  4
-     unicode-han-tra... |                                                   |  0
-     unicode-transla... |                                                   |  2
-     util-linux-ng      | []                 [] [] []                       | 20
-     vice               | ()                 ()                             |  1
-     vmm                |                          []                       |  4
-     vorbis-tools       |                          []                       |  6
-     wastesedge         |                                                   |  2
-     wdiff              | []                       []                       |  7
-     wget               | []                 []    []      []          []   | 26
-     wyslij-po          |                       [] []                       |  8
-     xchat              | []              []    [] []      []          []   | 36
-     xdg-user-dirs      | []     [] []    [] [] [] []      []    []    []   | 63
-     xkeyboard-config   | []                    [] []                       | 22
-                        +---------------------------------------------------+
-       85 teams           sv  sw ta te tg th tr uk vi  wa zh_CN zh_HK zh_TW
-      178 domains         119  1  3  3  0 10 65 51 155 17  98     7    41    2618
-
-   Some counters in the preceding matrix are higher than the number of
-visible blocks let us expect.  This is because a few extra PO files are
-used for implementing regional variants of languages, or language
-dialects.
-
-   For a PO file in the matrix above to be effective, the package to
-which it applies should also have been internationalized and
-distributed as such by its maintainer.  There might be an observable
-lag between the mere existence a PO file and its wide availability in a
-distribution.
-
-   If June 2010 seems to be old, you may fetch a more recent copy of
-this `ABOUT-NLS' file on most GNU archive sites.  The most up-to-date
-matrix with full percentage details can be found at
-`http://translationproject.org/extra/matrix.html'.
-
-1.5 Using `gettext' in new packages
-===================================
-
-If you are writing a freely available program and want to
-internationalize it you are welcome to use GNU `gettext' in your
-package.  Of course you have to respect the GNU Library General Public
-License which covers the use of the GNU `gettext' library.  This means
-in particular that even non-free programs can use `libintl' as a shared
-library, whereas only free software can use `libintl' as a static
-library or use modified versions of `libintl'.
-
-   Once the sources are changed appropriately and the setup can handle
-the use of `gettext' the only thing missing are the translations.  The
-Free Translation Project is also available for packages which are not
-developed inside the GNU project.  Therefore the information given above
-applies also for every other Free Software Project.  Contact
-`coordinator@translationproject.org' to make the `.pot' files available
-to the translation teams.
-
diff --git a/p11-kit/Makefile.am b/p11-kit/Makefile.am
index 1ab3b3d..2e08e84 100644
--- a/p11-kit/Makefile.am
+++ b/p11-kit/Makefile.am
@@ -5,7 +5,7 @@ SUBDIRS = . tests
 
 COMMON = $(top_srcdir)/common
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(COMMON) \
 	-DP11_KIT_FUTURE_UNSTABLE_API \
@@ -14,6 +14,7 @@ INCLUDES = \
 incdir = $(includedir)/p11-kit-1/p11-kit
 
 inc_HEADERS = \
+	deprecated.h \
 	iter.h \
 	p11-kit.h \
 	pin.h \
@@ -24,14 +25,16 @@ MODULE_SRCS = \
 	util.c \
 	conf.c conf.h \
 	iter.c \
-	modules.c \
+	log.c log.h \
+	modules.c modules.h \
 	pkcs11.h \
 	pin.c \
 	pkcs11.h \
-	proxy.c \
+	proxy.c proxy.h \
 	private.h \
 	messages.c \
 	uri.c \
+	virtual.c virtual.h \
 	$(inc_HEADERS)
 
 lib_LTLIBRARIES = \
@@ -44,6 +47,7 @@ libp11_kit_la_CFLAGS = \
 	-DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \
 	-DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \
 	-DP11_MODULE_PATH=\""$(p11_module_path)"\" \
+	$(LIBFFI_CFLAGS) \
 	$(NULL)
 
 libp11_kit_la_LDFLAGS = \
@@ -54,9 +58,10 @@ libp11_kit_la_LDFLAGS = \
 libp11_kit_la_SOURCES = $(MODULE_SRCS)
 
 libp11_kit_la_LIBADD = \
-	$(LTLIBINTL) \
 	$(top_builddir)/common/libp11-common.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(LIBFFI_LIBS) \
+	$(LTLIBINTL) \
 	$(NULL)
 
 noinst_LTLIBRARIES = \
@@ -75,6 +80,7 @@ libp11_kit_testable_la_CFLAGS = \
 	-DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/user-pkcs11.conf"\" \
 	-DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/user-modules/win32"\" \
 	-DP11_MODULE_PATH=\""$(abs_top_builddir)/p11-kit/tests/.libs"\" \
+	$(LIBFFI_CFLAGS) \
 	$(NULL)
 
 else
@@ -86,6 +92,7 @@ libp11_kit_testable_la_CFLAGS = \
 	-DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/user-pkcs11.conf"\" \
 	-DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/user-modules"\" \
 	-DP11_MODULE_PATH=\""$(abs_top_builddir)/p11-kit/tests/.libs"\" \
+	$(LIBFFI_CFLAGS) \
 	$(NULL)
 
 endif
@@ -98,7 +105,9 @@ example_DATA = pkcs11.conf.example
 
 EXTRA_DIST = \
 	p11-kit-1.pc.in \
-	pkcs11.conf.example.in
+	pkcs11.conf.example.in \
+	docs.h \
+	$(NULL)
 
 # Proxy module is actually same as library, so install a link
 install-exec-hook:
diff --git a/p11-kit/Makefile.in b/p11-kit/Makefile.in
index c63c2fa..67206c5 100644
--- a/p11-kit/Makefile.in
+++ b/p11-kit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.13.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -17,51 +17,23 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
+am__make_dryrun = \
+  { \
+    am__dry=no; \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
     esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+    test $$am__dry = yes; \
+  }
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -83,7 +55,7 @@ host_triplet = @host@
 DIST_COMMON = $(top_srcdir)/build/Makefile.decl $(srcdir)/Makefile.in \
 	$(srcdir)/Makefile.am $(srcdir)/p11-kit-1.pc.in \
 	$(srcdir)/pkcs11.conf.example.in $(top_srcdir)/depcomp \
-	$(inc_HEADERS) ABOUT-NLS
+	$(inc_HEADERS)
 subdir = p11-kit
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \
@@ -135,18 +107,20 @@ am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(exampledir)" \
 	"$(DESTDIR)$(pkgconfigdir)" "$(DESTDIR)$(incdir)"
 LTLIBRARIES = $(lib_LTLIBRARIES) $(noinst_LTLIBRARIES)
 am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/common/libp11-common.la \
-	$(top_builddir)/common/libp11-library.la $(am__DEPENDENCIES_1)
+am__DEPENDENCIES_2 = $(top_builddir)/common/libp11-common.la \
+	$(top_builddir)/common/libp11-library.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 libp11_kit_testable_la_DEPENDENCIES = $(am__DEPENDENCIES_2)
 am__objects_1 =
 am__objects_2 = $(am__objects_1)
 am__objects_3 = libp11_kit_testable_la-util.lo \
 	libp11_kit_testable_la-conf.lo libp11_kit_testable_la-iter.lo \
+	libp11_kit_testable_la-log.lo \
 	libp11_kit_testable_la-modules.lo \
 	libp11_kit_testable_la-pin.lo libp11_kit_testable_la-proxy.lo \
 	libp11_kit_testable_la-messages.lo \
-	libp11_kit_testable_la-uri.lo $(am__objects_2)
+	libp11_kit_testable_la-uri.lo \
+	libp11_kit_testable_la-virtual.lo $(am__objects_2)
 am_libp11_kit_testable_la_OBJECTS = $(am__objects_3)
 libp11_kit_testable_la_OBJECTS = $(am_libp11_kit_testable_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
@@ -157,14 +131,14 @@ libp11_kit_testable_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(libp11_kit_testable_la_CFLAGS) $(CFLAGS) \
 	$(libp11_kit_testable_la_LDFLAGS) $(LDFLAGS) -o $@
-libp11_kit_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
-	$(top_builddir)/common/libp11-common.la \
-	$(top_builddir)/common/libp11-library.la $(am__DEPENDENCIES_1)
+libp11_kit_la_DEPENDENCIES = $(top_builddir)/common/libp11-common.la \
+	$(top_builddir)/common/libp11-library.la $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
 am__objects_4 = libp11_kit_la-util.lo libp11_kit_la-conf.lo \
-	libp11_kit_la-iter.lo libp11_kit_la-modules.lo \
-	libp11_kit_la-pin.lo libp11_kit_la-proxy.lo \
-	libp11_kit_la-messages.lo libp11_kit_la-uri.lo \
-	$(am__objects_2)
+	libp11_kit_la-iter.lo libp11_kit_la-log.lo \
+	libp11_kit_la-modules.lo libp11_kit_la-pin.lo \
+	libp11_kit_la-proxy.lo libp11_kit_la-messages.lo \
+	libp11_kit_la-uri.lo libp11_kit_la-virtual.lo $(am__objects_2)
 am_libp11_kit_la_OBJECTS = $(am__objects_4)
 libp11_kit_la_OBJECTS = $(am_libp11_kit_la_OBJECTS)
 libp11_kit_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -322,6 +296,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
+LIBFFI_CFLAGS = @LIBFFI_CFLAGS@
+LIBFFI_LIBS = @LIBFFI_LIBS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -437,7 +413,7 @@ with_trust_paths = @with_trust_paths@
 NULL = 
 SUBDIRS = . tests
 COMMON = $(top_srcdir)/common
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(COMMON) \
 	-DP11_KIT_FUTURE_UNSTABLE_API \
@@ -445,6 +421,7 @@ INCLUDES = \
 
 incdir = $(includedir)/p11-kit-1/p11-kit
 inc_HEADERS = \
+	deprecated.h \
 	iter.h \
 	p11-kit.h \
 	pin.h \
@@ -455,14 +432,16 @@ MODULE_SRCS = \
 	util.c \
 	conf.c conf.h \
 	iter.c \
-	modules.c \
+	log.c log.h \
+	modules.c modules.h \
 	pkcs11.h \
 	pin.c \
 	pkcs11.h \
-	proxy.c \
+	proxy.c proxy.h \
 	private.h \
 	messages.c \
 	uri.c \
+	virtual.c virtual.h \
 	$(inc_HEADERS)
 
 lib_LTLIBRARIES = \
@@ -475,6 +454,7 @@ libp11_kit_la_CFLAGS = \
 	-DP11_USER_CONFIG_FILE=\""$(p11_user_config_file)"\" \
 	-DP11_USER_CONFIG_MODULES=\""$(p11_user_config_modules)"\" \
 	-DP11_MODULE_PATH=\""$(p11_module_path)"\" \
+	$(LIBFFI_CFLAGS) \
 	$(NULL)
 
 libp11_kit_la_LDFLAGS = \
@@ -484,9 +464,10 @@ libp11_kit_la_LDFLAGS = \
 
 libp11_kit_la_SOURCES = $(MODULE_SRCS)
 libp11_kit_la_LIBADD = \
-	$(LTLIBINTL) \
 	$(top_builddir)/common/libp11-common.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(LIBFFI_LIBS) \
+	$(LTLIBINTL) \
 	$(NULL)
 
 noinst_LTLIBRARIES = \
@@ -502,6 +483,7 @@ libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD)
 @OS_WIN32_FALSE@	-DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/user-pkcs11.conf"\" \
 @OS_WIN32_FALSE@	-DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/user-modules"\" \
 @OS_WIN32_FALSE@	-DP11_MODULE_PATH=\""$(abs_top_builddir)/p11-kit/tests/.libs"\" \
+@OS_WIN32_FALSE@	$(LIBFFI_CFLAGS) \
 @OS_WIN32_FALSE@	$(NULL)
 
 @OS_WIN32_TRUE@libp11_kit_testable_la_CFLAGS = \
@@ -511,6 +493,7 @@ libp11_kit_testable_la_LIBADD = $(libp11_kit_la_LIBADD)
 @OS_WIN32_TRUE@	-DP11_USER_CONFIG_FILE=\""$(abs_top_srcdir)/p11-kit/tests/files/user-pkcs11.conf"\" \
 @OS_WIN32_TRUE@	-DP11_USER_CONFIG_MODULES=\""$(abs_top_srcdir)/p11-kit/tests/files/user-modules/win32"\" \
 @OS_WIN32_TRUE@	-DP11_MODULE_PATH=\""$(abs_top_builddir)/p11-kit/tests/.libs"\" \
+@OS_WIN32_TRUE@	$(LIBFFI_CFLAGS) \
 @OS_WIN32_TRUE@	$(NULL)
 
 pkgconfigdir = $(libdir)/pkgconfig
@@ -519,7 +502,9 @@ exampledir = $(p11_system_config)
 example_DATA = pkcs11.conf.example
 EXTRA_DIST = \
 	p11-kit-1.pc.in \
-	pkcs11.conf.example.in
+	pkcs11.conf.example.in \
+	docs.h \
+	$(NULL)
 
 all: all-recursive
 
@@ -606,10 +591,8 @@ clean-noinstLTLIBRARIES:
 	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
-
 libp11-kit-testable.la: $(libp11_kit_testable_la_OBJECTS) $(libp11_kit_testable_la_DEPENDENCIES) $(EXTRA_libp11_kit_testable_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(libp11_kit_testable_la_LINK)  $(libp11_kit_testable_la_OBJECTS) $(libp11_kit_testable_la_LIBADD) $(LIBS)
-
 libp11-kit.la: $(libp11_kit_la_OBJECTS) $(libp11_kit_la_DEPENDENCIES) $(EXTRA_libp11_kit_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(libp11_kit_la_LINK) -rpath $(libdir) $(libp11_kit_la_OBJECTS) $(libp11_kit_la_LIBADD) $(LIBS)
 
@@ -621,20 +604,24 @@ distclean-compile:
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-conf.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-iter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-log.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-messages.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-modules.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-pin.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-proxy.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-uri.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_la-virtual.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-conf.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-iter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-log.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-messages.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-modules.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-pin.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-proxy.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-uri.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libp11_kit_testable_la-virtual.Plo@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -678,6 +665,13 @@ libp11_kit_testable_la-iter.lo: iter.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_testable_la-iter.lo `test -f 'iter.c' || echo '$(srcdir)/'`iter.c
 
+libp11_kit_testable_la-log.lo: log.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT libp11_kit_testable_la-log.lo -MD -MP -MF $(DEPDIR)/libp11_kit_testable_la-log.Tpo -c -o libp11_kit_testable_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_testable_la-log.Tpo $(DEPDIR)/libp11_kit_testable_la-log.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='log.c' object='libp11_kit_testable_la-log.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_testable_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+
 libp11_kit_testable_la-modules.lo: modules.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT libp11_kit_testable_la-modules.lo -MD -MP -MF $(DEPDIR)/libp11_kit_testable_la-modules.Tpo -c -o libp11_kit_testable_la-modules.lo `test -f 'modules.c' || echo '$(srcdir)/'`modules.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_testable_la-modules.Tpo $(DEPDIR)/libp11_kit_testable_la-modules.Plo
@@ -713,6 +707,13 @@ libp11_kit_testable_la-uri.lo: uri.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_testable_la-uri.lo `test -f 'uri.c' || echo '$(srcdir)/'`uri.c
 
+libp11_kit_testable_la-virtual.lo: virtual.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -MT libp11_kit_testable_la-virtual.lo -MD -MP -MF $(DEPDIR)/libp11_kit_testable_la-virtual.Tpo -c -o libp11_kit_testable_la-virtual.lo `test -f 'virtual.c' || echo '$(srcdir)/'`virtual.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_testable_la-virtual.Tpo $(DEPDIR)/libp11_kit_testable_la-virtual.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='virtual.c' object='libp11_kit_testable_la-virtual.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_testable_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_testable_la-virtual.lo `test -f 'virtual.c' || echo '$(srcdir)/'`virtual.c
+
 libp11_kit_la-util.lo: util.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT libp11_kit_la-util.lo -MD -MP -MF $(DEPDIR)/libp11_kit_la-util.Tpo -c -o libp11_kit_la-util.lo `test -f 'util.c' || echo '$(srcdir)/'`util.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_la-util.Tpo $(DEPDIR)/libp11_kit_la-util.Plo
@@ -734,6 +735,13 @@ libp11_kit_la-iter.lo: iter.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_la-iter.lo `test -f 'iter.c' || echo '$(srcdir)/'`iter.c
 
+libp11_kit_la-log.lo: log.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT libp11_kit_la-log.lo -MD -MP -MF $(DEPDIR)/libp11_kit_la-log.Tpo -c -o libp11_kit_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_la-log.Tpo $(DEPDIR)/libp11_kit_la-log.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='log.c' object='libp11_kit_la-log.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_la-log.lo `test -f 'log.c' || echo '$(srcdir)/'`log.c
+
 libp11_kit_la-modules.lo: modules.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT libp11_kit_la-modules.lo -MD -MP -MF $(DEPDIR)/libp11_kit_la-modules.Tpo -c -o libp11_kit_la-modules.lo `test -f 'modules.c' || echo '$(srcdir)/'`modules.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_la-modules.Tpo $(DEPDIR)/libp11_kit_la-modules.Plo
@@ -769,6 +777,13 @@ libp11_kit_la-uri.lo: uri.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_la-uri.lo `test -f 'uri.c' || echo '$(srcdir)/'`uri.c
 
+libp11_kit_la-virtual.lo: virtual.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -MT libp11_kit_la-virtual.lo -MD -MP -MF $(DEPDIR)/libp11_kit_la-virtual.Tpo -c -o libp11_kit_la-virtual.lo `test -f 'virtual.c' || echo '$(srcdir)/'`virtual.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libp11_kit_la-virtual.Tpo $(DEPDIR)/libp11_kit_la-virtual.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='virtual.c' object='libp11_kit_la-virtual.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libp11_kit_la_CFLAGS) $(CFLAGS) -c -o libp11_kit_la-virtual.lo `test -f 'virtual.c' || echo '$(srcdir)/'`virtual.c
+
 mostlyclean-libtool:
 	-rm -f *.lo
 
@@ -845,12 +860,13 @@ uninstall-incHEADERS:
 #     (which will cause the Makefiles to be regenerated when you run 'make');
 # (2) otherwise, pass the desired values on the 'make' command line.
 $(am__recursive_targets):
-	@fail=; \
-	if $(am__make_keepgoing); then \
-	  failcom='fail=yes'; \
-	else \
-	  failcom='exit 1'; \
-	fi; \
+	@fail= failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
 	case "$@" in \
@@ -1136,6 +1152,11 @@ leakcheck:
 		test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \
 	done
 
+hellcheck:
+	@for dir in $(SUBDIRS); do \
+		test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \
+	done
+
 # Proxy module is actually same as library, so install a link
 install-exec-hook:
 	$(LN_S) -f `readlink $(DESTDIR)$(libdir)/libp11-kit.so` $(DESTDIR)$(libdir)/p11-kit-proxy.so
diff --git a/p11-kit/deprecated.h b/p11-kit/deprecated.h
new file mode 100644
index 0000000..ffe5d9d
--- /dev/null
+++ b/p11-kit/deprecated.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#ifndef __P11_KIT_DEPRECATED_H__
+#define __P11_KIT_DEPRECATED_H__
+
+#ifndef __P11_KIT_H__
+#error "Please include  instead of this file."
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef P11_KIT_NO_DEPRECATIONS
+#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5)
+#define P11_KIT_DEPRECATED_FOR(f) __attribute__((deprecated("Use " #f " instead")))
+#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)
+#define P11_KIT_DEPRECATED_FOR(f) __attribute__((__deprecated__))
+#endif
+#endif
+
+#ifndef P11_KIT_DEPRECATED_FOR
+#define P11_KIT_DEPRECATED_FOR(f)
+#endif
+
+#ifndef P11_KIT_DISABLE_DEPRECATED
+
+P11_KIT_DEPRECATED_FOR (p11_kit_modules_load)
+CK_RV                    p11_kit_initialize_registered     (void);
+
+P11_KIT_DEPRECATED_FOR (p11_kit_modules_release)
+CK_RV                    p11_kit_finalize_registered       (void);
+
+P11_KIT_DEPRECATED_FOR (p11_kit_modules_release)
+CK_FUNCTION_LIST_PTR *   p11_kit_registered_modules        (void);
+
+P11_KIT_DEPRECATED_FOR (p11_kit_module_for_name)
+CK_FUNCTION_LIST_PTR     p11_kit_registered_name_to_module (const char *name);
+
+P11_KIT_DEPRECATED_FOR (p11_kit_module_get_name)
+char *                   p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module);
+
+P11_KIT_DEPRECATED_FOR (p11_kit_config_option)
+char *                   p11_kit_registered_option         (CK_FUNCTION_LIST_PTR module,
+                                                            const char *field);
+
+P11_KIT_DEPRECATED_FOR (module->C_Initialize)
+CK_RV                    p11_kit_initialize_module         (CK_FUNCTION_LIST_PTR module);
+
+P11_KIT_DEPRECATED_FOR (module->C_Finalize)
+CK_RV                    p11_kit_finalize_module           (CK_FUNCTION_LIST_PTR module);
+
+P11_KIT_DEPRECATED_FOR (p11_kit_module_load)
+CK_RV                    p11_kit_load_initialize_module    (const char *module_path,
+                                                            CK_FUNCTION_LIST_PTR *module);
+
+#endif /* P11_KIT_DISABLE_DEPRECATED */
+
+#undef P11_KIT_DEPRECATED_FOR
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* __P11_KIT_DEPRECATED_H__ */
diff --git a/p11-kit/docs.h b/p11-kit/docs.h
new file mode 100644
index 0000000..7b29e3d
--- /dev/null
+++ b/p11-kit/docs.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+/* This header is not used by anything, and merely to help gtk-doc be sane */
+
+#define P11_KIT_MODULE_UNMANAGED 1
+#define P11_KIT_MODULE_CRITICAL 1
diff --git a/p11-kit/log.c b/p11-kit/log.c
new file mode 100644
index 0000000..19377b2
--- /dev/null
+++ b/p11-kit/log.c
@@ -0,0 +1,2022 @@
+/*
+ * Copyright (c) 2007, Stefan Walter
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ *  Stef Walter 
+ */
+
+#include "config.h"
+
+#include "attrs.h"
+#include "buffer.h"
+#include "constants.h"
+#include "debug.h"
+#include "log.h"
+#include "p11-kit.h"
+#include "virtual.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+bool p11_log_force = false;
+bool p11_log_output = true;
+
+typedef struct {
+	p11_virtual virt;
+	CK_X_FUNCTION_LIST *lower;
+	p11_destroyer destroyer;
+} LogData;
+
+#define LOG_FLAG(buf, flags, had, flag) \
+	if ((flags & flag) == flag) { \
+		p11_buffer_add (buf, had ? " | " : " = ", 3); \
+		p11_buffer_add (buf, #flag, -1); \
+		had++; \
+	}
+
+static void
+log_CKM (p11_buffer *buf,
+         CK_MECHANISM_TYPE v)
+{
+	char temp[32];
+	const char *string;
+
+	string = p11_constant_name (p11_constant_mechanisms, v);
+	if (string == NULL) {
+		snprintf (temp, sizeof (temp), "CKM_0x%08lX", v);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		p11_buffer_add (buf, string, -1);
+	}
+}
+
+static void
+log_CKS (p11_buffer *buf,
+         CK_STATE v)
+{
+	char temp[32];
+	const char *string;
+
+	string = p11_constant_name (p11_constant_states, v);
+	if (string == NULL) {
+		snprintf (temp, sizeof (temp), "CKS_0x%08lX", v);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		p11_buffer_add (buf, string, -1);
+	}
+}
+
+static void
+log_CKU (p11_buffer *buf,
+         CK_USER_TYPE v)
+{
+	char temp[32];
+	const char *string;
+
+	string = p11_constant_name (p11_constant_users, v);
+	if (string == NULL) {
+		snprintf (temp, sizeof (temp), "CKU_0x%08lX", v);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		p11_buffer_add (buf, string, -1);
+	}
+}
+
+static void
+log_CKR (p11_buffer *buf,
+         CK_RV v)
+{
+	char temp[32];
+	const char *string;
+
+	string = p11_constant_name (p11_constant_returns, v);
+	if (string == NULL) {
+		snprintf (temp, sizeof (temp), "CKR_0x%08lX", v);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		p11_buffer_add (buf, string, -1);
+	}
+}
+
+static void
+log_some_bytes (p11_buffer *buf,
+                CK_BYTE_PTR arr,
+                CK_ULONG num)
+{
+	CK_ULONG i;
+	char temp[128];
+	char *p, *e;
+	CK_BYTE ch;
+
+	if(!arr) {
+		p11_buffer_add (buf, "NULL", 4);
+		return;
+	} else if (num == (CK_ULONG)-1) {
+		p11_buffer_add (buf, "????", 4);
+		return;
+	}
+
+	temp[0] = '\"';
+	p = temp + 1;
+	e = temp + (sizeof (temp) - 8);
+
+	for(i = 0; i < num && p < e; ++i, ++p) {
+		ch = arr[i];
+		if (ch == '\t') {
+			p[0] = '\\'; p[1] = 't';
+			++p;
+		} else if (ch == '\n') {
+			p[0] = '\\'; p[1] = 'n';
+			++p;
+		} else if (ch == '\r') {
+			p[0] = '\\'; p[1] = 'r';
+			++p;
+		} else if (ch >= 32 && ch < 127) {
+			*p = ch;
+		} else {
+			p[0] = '\\';
+			p[1] = 'x';
+			sprintf(p + 2, "%02X", ch);
+			p += 3;
+		}
+	}
+
+	*p = 0;
+	if (p >= e)
+		strcpy (e, "...");
+	strcat (p, "\"");
+	p11_buffer_add (buf, temp, -1);
+}
+
+static void
+log_pointer (p11_buffer *buf,
+             const char *pref,
+             const char *name,
+             CK_VOID_PTR val,
+             CK_RV status)
+{
+	char temp[32];
+
+	if (status != CKR_OK)
+		return;
+
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (val == NULL) {
+		p11_buffer_add (buf, "NULL\n", 5);
+	} else {
+		snprintf (temp, sizeof (temp), "0x%08lX\n", (unsigned long)(size_t)val);
+		p11_buffer_add (buf, temp, -1);
+	}
+}
+
+static void
+log_attribute_types (p11_buffer *buf,
+                     const char *pref,
+                     const char *name,
+                     CK_ATTRIBUTE_PTR arr,
+                     CK_ULONG num,
+                     CK_RV status)
+{
+	const char *string;
+	char temp[32];
+	CK_ULONG i;
+
+	if (status == CKR_BUFFER_TOO_SMALL) {
+		arr = NULL;
+		status = CKR_OK;
+	}
+	if (status != CKR_OK)
+		return;
+
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (arr == NULL) {
+		snprintf (temp, sizeof (temp), "(%lu) NONE\n", num);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		snprintf (temp, sizeof (temp), "(%lu) [ ", num);
+		p11_buffer_add (buf, temp, -1);
+		for (i = 0; i < num; i++) {
+			if (i > 0)
+				p11_buffer_add (buf, ", ", 2);
+			string = p11_constant_name (p11_constant_types, arr[i].type);
+			if (string != NULL) {
+				p11_buffer_add (buf, string, -1);
+			} else {
+				snprintf (temp, sizeof (temp), "CKA_0x%08lX", arr[i].type);
+				p11_buffer_add (buf, temp, -1);
+			}
+		}
+
+		p11_buffer_add (buf, " ]\n", 3);
+	}
+}
+
+static void
+log_attribute_array (p11_buffer *buf,
+                     const char *pref,
+                     const char *name,
+                     CK_ATTRIBUTE_PTR arr,
+                     CK_ULONG num,
+                     CK_RV status)
+{
+	char temp[32];
+
+	if (status == CKR_BUFFER_TOO_SMALL) {
+		arr = NULL;
+		status = CKR_OK;
+	}
+	if (status != CKR_OK)
+		return;
+
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (arr == NULL) {
+		snprintf (temp, sizeof (temp), "(%lu) NONE\n", num);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		p11_attrs_format (buf, arr, num);
+		p11_buffer_add (buf, "\n", 1);
+	}
+}
+
+static void
+log_bool (p11_buffer *buf,
+          const char *pref,
+          const char *name,
+          CK_BBOOL val,
+          CK_RV status)
+{
+	if (status == CKR_OK) {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = ", 3);
+		p11_buffer_add (buf, val ? "CK_TRUE" : "CK_FALSE", -1);
+		p11_buffer_add (buf, "\n", 1);
+	}
+}
+
+static void
+log_byte_array (p11_buffer *buf,
+                const char *pref,
+                const char *name,
+                CK_BYTE_PTR arr,
+                CK_ULONG_PTR num,
+                CK_RV status)
+{
+	char temp[32];
+
+	if (status == CKR_BUFFER_TOO_SMALL) {
+		arr = NULL;
+		status = CKR_OK;
+	}
+
+	if (status != CKR_OK)
+		return;
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (num == NULL) {
+		p11_buffer_add (buf, "(?) NOTHING\n", -1);
+	} else if (arr == NULL) {
+		snprintf (temp, sizeof (temp), "(%lu) NOTHING\n", *num);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		snprintf (temp, sizeof (temp), "(%lu) ", *num);
+		p11_buffer_add (buf, temp, -1);
+		log_some_bytes (buf, arr, *num);
+		p11_buffer_add (buf, "\n", 1);
+	}
+}
+
+static void
+log_info (p11_buffer *buf,
+          const char *pref,
+          const char *name,
+          CK_INFO_PTR info,
+          CK_RV status)
+{
+	char temp[32];
+
+	if (status != CKR_OK)
+		return;
+	if (info == NULL) {
+		log_pointer (buf, pref, name, info, status);
+	} else {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = {\n", 5);
+		p11_buffer_add (buf, "\tcryptokiVersion: ", -1);
+		snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->cryptokiVersion.major,
+		          (unsigned int)info->cryptokiVersion.minor);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tmanufacturerID: \"", -1);
+		p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID)));
+		p11_buffer_add (buf, "\"\n\tflags: ", -1);
+		snprintf (temp, sizeof (temp), "%lX", info->flags);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tlibraryDescription: \"", -1);
+		p11_buffer_add (buf, info->libraryDescription, p11_kit_space_strlen (info->libraryDescription, sizeof (info->libraryDescription)));
+		p11_buffer_add (buf, "\"\n\tlibraryVersion: ", -1);
+		snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->libraryVersion.major,
+		          (unsigned int)info->libraryVersion.minor);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n      }\n", -1);
+	}
+}
+
+static void
+log_pInitArgs (p11_buffer *buf,
+               const char *pref,
+               const char *name,
+               CK_VOID_PTR pInitArgs,
+               CK_RV status)
+{
+	char temp[32];
+	int had = 0;
+
+	if (status != CKR_OK)
+		return;
+	if (pInitArgs == NULL)
+		log_pointer (buf, pref, name, pInitArgs, status);
+	else {
+		CK_C_INITIALIZE_ARGS *args = (CK_C_INITIALIZE_ARGS*)pInitArgs;
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = {\n", 5);
+		p11_buffer_add (buf, "\tCreateMutex: ", -1);
+		snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->CreateMutex);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tDestroyMutex: ", -1);
+		snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->DestroyMutex);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tLockMutex: ", -1);
+		snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->LockMutex);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tUnlockMutex: ", -1);
+		snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->UnlockMutex);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tflags: ", -1);
+		snprintf (temp, sizeof (temp), "%lX", args->flags);
+		LOG_FLAG (buf, args->flags, had, CKF_OS_LOCKING_OK);
+		p11_buffer_add (buf, "\n\treserved: ", -1);
+		snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)args->pReserved);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n      }\n", -1);
+	}
+}
+
+static void
+log_mechanism_info (p11_buffer *buf,
+                    const char *pref,
+                    const char *name,
+                    CK_MECHANISM_INFO_PTR info,
+                    CK_RV status)
+{
+	char temp[32];
+	int had = 0;
+
+	if (status != CKR_OK)
+		return;
+	if (info == NULL) {
+		log_pointer (buf, pref, name, info, status);
+	} else {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = {\n", 5);
+		p11_buffer_add (buf, "\tulMinKeySize: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulMinKeySize);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tulMaxKeySize: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulMaxKeySize);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tflags: ", -1);
+		snprintf (temp, sizeof (temp), "%lX", info->flags);
+		p11_buffer_add (buf, temp, -1);
+		LOG_FLAG (buf, info->flags, had, CKF_HW);
+		LOG_FLAG (buf, info->flags, had, CKF_ENCRYPT);
+		LOG_FLAG (buf, info->flags, had, CKF_DECRYPT);
+		LOG_FLAG (buf, info->flags, had, CKF_DIGEST);
+		LOG_FLAG (buf, info->flags, had, CKF_SIGN);
+		LOG_FLAG (buf, info->flags, had, CKF_SIGN_RECOVER);
+		LOG_FLAG (buf, info->flags, had, CKF_VERIFY);
+		LOG_FLAG (buf, info->flags, had, CKF_VERIFY_RECOVER);
+		LOG_FLAG (buf, info->flags, had, CKF_GENERATE);
+		LOG_FLAG (buf, info->flags, had, CKF_GENERATE_KEY_PAIR);
+		LOG_FLAG (buf, info->flags, had, CKF_WRAP);
+		LOG_FLAG (buf, info->flags, had, CKF_UNWRAP);
+		LOG_FLAG (buf, info->flags, had, CKF_DERIVE);
+		LOG_FLAG (buf, info->flags, had, CKF_EXTENSION);
+		p11_buffer_add (buf, "\n      }\n", -1);
+	}
+}
+
+static void
+log_mechanism (p11_buffer *buf,
+               const char *pref,
+               const char *name,
+               CK_MECHANISM_PTR mech,
+               CK_RV status)
+{
+	char temp[32];
+
+	if (status != CKR_OK)
+		return;
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = {\n", 5);
+	p11_buffer_add (buf, "\tmechanism: ", -1);
+	log_CKM (buf, mech->mechanism);
+	p11_buffer_add (buf, "\n\tpParameter: ", -1);
+	snprintf (temp, sizeof (temp), "(%lu) ", mech->ulParameterLen);
+	p11_buffer_add (buf, temp, -1);
+	log_some_bytes (buf, mech->pParameter, mech->ulParameterLen);
+	p11_buffer_add (buf, "\n      }\n", -1);
+}
+
+static void
+log_mechanism_type (p11_buffer *buf,
+                    const char *pref,
+                    const char *name,
+                    CK_MECHANISM_TYPE val,
+                    CK_RV status)
+{
+	if (status != CKR_OK)
+		return;
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	log_CKM (buf, val);
+	p11_buffer_add (buf, "\n", 1);
+}
+
+static void
+log_mechanism_type_array (p11_buffer *buf,
+                          const char *pref,
+                          const char *name,
+                          CK_MECHANISM_TYPE_PTR arr,
+                          CK_ULONG_PTR num,
+                          CK_RV status)
+{
+	char temp[32];
+	CK_ULONG i;
+
+	if (status == CKR_BUFFER_TOO_SMALL) {
+		arr = NULL;
+		status = CKR_OK;
+	}
+	if (status != CKR_OK)
+		return;
+
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (num == NULL) {
+		p11_buffer_add (buf, "(?) NO-VALUES\n", -1);
+	} else if (arr == NULL) {
+		snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		snprintf (temp, sizeof (temp), "(%lu) [ ", *num);
+		p11_buffer_add (buf, temp, -1);
+		for(i = 0; i < *num; ++i) {
+			if (i > 0)
+				p11_buffer_add (buf, ", ", 2);
+			log_CKM (buf, arr[i]);
+		}
+		p11_buffer_add (buf, " ]\n", 3);
+	}
+}
+
+static void
+log_session_info (p11_buffer *buf,
+                  const char *pref,
+                  const char *name,
+                  CK_SESSION_INFO_PTR info,
+                  CK_RV status)
+{
+	char temp[32];
+	int had = 0;
+
+	if (status != CKR_OK)
+		return;
+	if (info == NULL) {
+		log_pointer (buf, pref, name, info, status);
+	} else {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = {\n", 5);
+		p11_buffer_add (buf, "\tslotID: ", -1);
+		snprintf (temp, sizeof (temp), "SL%lu", info->slotID);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tstate: ", -1);
+		log_CKS (buf, info->state);
+		p11_buffer_add (buf, "\n\tflags: ", -1);
+		snprintf (temp, sizeof (temp), "%lX", info->flags);
+		p11_buffer_add (buf, temp, -1);
+		LOG_FLAG (buf, info->flags, had, CKF_SERIAL_SESSION);
+		LOG_FLAG (buf, info->flags, had, CKF_RW_SESSION);
+		p11_buffer_add (buf, "\n\tulDeviceError: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulDeviceError);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n      }\n", -1);
+	}
+}
+
+static void
+log_slot_info (p11_buffer *buf,
+               const char *pref,
+               const char *name,
+               CK_SLOT_INFO_PTR info,
+               CK_RV status)
+{
+	char temp[32];
+	int had = 0;
+
+	if (status != CKR_OK)
+		return;
+	if (info == NULL) {
+		log_pointer (buf, pref, name, info, status);
+	} else {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = {\n", 5);
+		p11_buffer_add (buf, "\tslotDescription: \"", -1);
+		p11_buffer_add (buf, info->slotDescription, p11_kit_space_strlen (info->slotDescription, sizeof (info->slotDescription)));
+		p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1);
+		p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID)));
+		p11_buffer_add (buf, "\"\n\tflags: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->flags);
+		p11_buffer_add (buf, temp, -1);
+		LOG_FLAG (buf, info->flags, had, CKF_TOKEN_PRESENT);
+		LOG_FLAG (buf, info->flags, had, CKF_REMOVABLE_DEVICE);
+		LOG_FLAG (buf, info->flags, had, CKF_HW_SLOT);
+		p11_buffer_add (buf, "\n\thardwareVersion: ", -1);
+		snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major,
+		          (unsigned int)info->hardwareVersion.minor);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1);
+		snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major,
+		          (unsigned int)info->firmwareVersion.minor);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n      }\n", -1);
+	}
+}
+
+static void
+log_string (p11_buffer *buf,
+            const char *pref,
+            const char *name,
+            CK_UTF8CHAR_PTR str,
+            const CK_RV status)
+{
+	if (status != CKR_OK)
+		return;
+	if (str == NULL) {
+		log_pointer (buf, pref, name, str, status);
+	} else {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = \"", 4);
+		p11_buffer_add (buf, str, -1);
+		p11_buffer_add (buf, "\"\n", 2);
+	}
+}
+
+static void
+log_token_number (p11_buffer *buf,
+                  CK_ULONG number)
+{
+	char temp[32];
+
+	if (number == 0) {
+		p11_buffer_add (buf, "CK_UNAVAILABLE_INFORMATION", -1);
+	} else if (number == (CK_ULONG)-1) {
+		p11_buffer_add (buf, "CK_EFFECTIVELY_INFINITE", -1);
+	} else {
+		snprintf (temp, sizeof (temp), "%lu", number);
+		p11_buffer_add (buf, temp, -1);
+	}
+}
+
+static void
+log_token_info (p11_buffer *buf,
+                const char *pref,
+                const char *name,
+                CK_TOKEN_INFO_PTR info,
+                CK_RV status)
+{
+	char temp[32];
+	int had = 0;
+
+	if (status != CKR_OK)
+		return;
+	if (info == NULL) {
+		log_pointer (buf, pref, name, info, status);
+	} else {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = {\n", 5);
+		p11_buffer_add (buf, "\tlabel: \"", -1);
+		p11_buffer_add (buf, info->label, p11_kit_space_strlen (info->label, sizeof (info->label)));
+		p11_buffer_add (buf, "\"\n\tmanufacturerID: \"", -1);
+		p11_buffer_add (buf, info->manufacturerID, p11_kit_space_strlen (info->manufacturerID, sizeof (info->manufacturerID)));
+		p11_buffer_add (buf, "\"\n\tmodel: \"", -1);
+		p11_buffer_add (buf, info->model, p11_kit_space_strlen (info->model, sizeof (info->model)));
+		p11_buffer_add (buf, "\"\n\tserialNumber: \"", -1);
+		p11_buffer_add (buf, info->serialNumber, p11_kit_space_strlen (info->serialNumber, sizeof (info->serialNumber)));
+		p11_buffer_add (buf, "\"\n\tflags: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->flags);
+		p11_buffer_add (buf, temp, -1);
+		LOG_FLAG (buf, info->flags, had, CKF_RNG);
+		LOG_FLAG (buf, info->flags, had, CKF_WRITE_PROTECTED);
+		LOG_FLAG (buf, info->flags, had, CKF_LOGIN_REQUIRED);
+		LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_INITIALIZED);
+		LOG_FLAG (buf, info->flags, had, CKF_RESTORE_KEY_NOT_NEEDED);
+		LOG_FLAG (buf, info->flags, had, CKF_CLOCK_ON_TOKEN);
+		LOG_FLAG (buf, info->flags, had, CKF_PROTECTED_AUTHENTICATION_PATH);
+		LOG_FLAG (buf, info->flags, had, CKF_DUAL_CRYPTO_OPERATIONS);
+		LOG_FLAG (buf, info->flags, had, CKF_TOKEN_INITIALIZED);
+		LOG_FLAG (buf, info->flags, had, CKF_SECONDARY_AUTHENTICATION);
+		LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_COUNT_LOW);
+		LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_FINAL_TRY);
+		LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_LOCKED);
+		LOG_FLAG (buf, info->flags, had, CKF_USER_PIN_TO_BE_CHANGED);
+		LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_COUNT_LOW);
+		LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_FINAL_TRY);
+		LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_LOCKED);
+		LOG_FLAG (buf, info->flags, had, CKF_SO_PIN_TO_BE_CHANGED);
+		if (!had) {
+			snprintf (temp, sizeof (temp), "%lu", info->flags);
+			p11_buffer_add (buf, temp, -1);
+		}
+
+		p11_buffer_add (buf, "\n\tulMaxSessionCount: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\tulSessionCount: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulSessionCount);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tulMaxRwSessionCount: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\tulRwSessionCount: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulRwSessionCount);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tulMaxPinLen: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulMaxPinLen);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tulMinPinLen: ", -1);
+		snprintf (temp, sizeof (temp), "%lu", info->ulMinPinLen);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tulTotalPublicMemory: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\tulFreePublicMemory: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\tulTotalPrivateMemory: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\tulFreePrivateMemory: ", -1);
+		log_token_number (buf, info->ulMaxSessionCount);
+		p11_buffer_add (buf, "\n\thardwareVersion: ", -1);
+		snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->hardwareVersion.major,
+		          (unsigned int)info->hardwareVersion.minor);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tfirmwareVersion: ", -1);
+		snprintf (temp, sizeof (temp), "%u.%u", (unsigned int)info->firmwareVersion.major,
+		          (unsigned int)info->firmwareVersion.minor);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n\tutcTime: ", -1);
+		p11_buffer_add (buf, (info->flags & CKF_CLOCK_ON_TOKEN) ? (const char*)info->utcTime : "", -1);
+		p11_buffer_add (buf, "\n      }\n", -1);
+	}
+}
+
+static void
+log_ulong (p11_buffer *buf,
+           const char *pref,
+           const char *name,
+           CK_ULONG val,
+           const char* npref,
+           CK_RV status)
+{
+	char temp[32];
+
+	if (!npref)
+		npref = "";
+	if (status == CKR_OK) {
+		p11_buffer_add (buf, pref, -1);
+		p11_buffer_add (buf, name, -1);
+		p11_buffer_add (buf, " = ", 3);
+		p11_buffer_add (buf, npref, -1);
+		snprintf (temp, sizeof (temp), "%lu", val);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n", 1);
+	}
+}
+
+static void
+log_ulong_array (p11_buffer *buf,
+                 const char *pref,
+                 const char *name,
+                 CK_ULONG_PTR arr,
+                 CK_ULONG_PTR num,
+                 const char *npref,
+                 CK_RV status)
+{
+	char temp[32];
+	CK_ULONG i;
+
+	if (status == CKR_BUFFER_TOO_SMALL) {
+		arr = NULL;
+		status = CKR_OK;
+	}
+
+	if (status != CKR_OK)
+		return;
+	if (npref == NULL)
+		npref = "";
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (num == NULL) {
+		p11_buffer_add (buf, "(?) NO-VALUES\n", -1);
+	} else if (arr == NULL) {
+		snprintf (temp, sizeof (temp), "(%lu) NO-VALUES\n", *num);
+		p11_buffer_add (buf, temp, -1);
+	} else {
+		snprintf (temp, sizeof (temp), "(%lu) [ ", *num);
+		p11_buffer_add (buf, temp, -1);
+		for (i = 0; i < *num; ++i) {
+			if (i > 0)
+				p11_buffer_add (buf, ", ", 2);
+			p11_buffer_add (buf, npref, -1);
+			snprintf (temp, sizeof (temp), "%lu", arr[i]);
+			p11_buffer_add (buf, temp, -1);
+		}
+		p11_buffer_add (buf, " ]\n", 3);
+	}
+}
+
+static void
+log_ulong_pointer (p11_buffer *buf,
+                   const char *pref,
+                   const char *name,
+                   CK_ULONG_PTR val,
+                   const char *npref,
+                   CK_RV status)
+{
+	char temp[32];
+
+	if (status != CKR_OK)
+		return;
+	if (npref == NULL)
+		npref = "";
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	if (val == NULL) {
+		p11_buffer_add (buf, "NULL\n", 5);
+	} else {
+		snprintf (temp, sizeof (temp), "0x%08lX", (unsigned long)(size_t)val);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, " = ", 3);
+		p11_buffer_add (buf, npref, -1);
+		snprintf (temp, sizeof (temp), "%lu", *val);
+		p11_buffer_add (buf, temp, -1);
+		p11_buffer_add (buf, "\n", 1);
+	}
+}
+
+static void
+log_user_type (p11_buffer *buf,
+               const char *pref,
+               const char *name,
+               CK_USER_TYPE val,
+               CK_RV status)
+{
+	if (status != CKR_OK)
+		return;
+	p11_buffer_add (buf, pref, -1);
+	p11_buffer_add (buf, name, -1);
+	p11_buffer_add (buf, " = ", 3);
+	log_CKU (buf, val);
+	p11_buffer_add (buf, "\n", 1);
+}
+
+static void
+flush_buffer (p11_buffer *buf)
+{
+	if (p11_log_output) {
+		fwrite (buf->data, 1, buf->len, stderr);
+		fflush (stderr);
+	}
+	p11_buffer_reset (buf, 128);
+}
+
+#define BEGIN_CALL(name) \
+	{ \
+		LogData *_log = (LogData *)self; \
+		const char* _name = "C_" #name; \
+		p11_buffer _buf; \
+		CK_X_##name _func = _log->lower->C_##name; \
+		CK_RV _ret = CKR_OK; \
+		p11_buffer_init_null (&_buf, 128); \
+		return_val_if_fail (_func != NULL, CKR_DEVICE_ERROR); \
+		p11_buffer_add (&_buf, _name, -1); \
+		p11_buffer_add (&_buf, "\n", 1); \
+		self = _log->lower;
+
+#define PROCESS_CALL(args) \
+		flush_buffer (&_buf); \
+		_ret = (_func) args;
+
+#define DONE_CALL \
+		p11_buffer_add (&_buf, _name, -1); \
+		p11_buffer_add (&_buf, " = ", 3); \
+		log_CKR (&_buf, _ret); \
+		p11_buffer_add (&_buf, "\n", 1); \
+		flush_buffer (&_buf); \
+		p11_buffer_uninit (&_buf); \
+		return _ret; \
+	}
+
+#define LIN  "  IN: "
+#define LOUT " OUT: "
+
+#define IN_ATTRIBUTE_ARRAY(a, n) \
+		log_attribute_types (&_buf, LIN, #a, a, n, CKR_OK);
+
+#define IN_BOOL(a) \
+		log_bool (&_buf, LIN, #a, a, CKR_OK);
+
+#define IN_BYTE_ARRAY(a, n) \
+		log_byte_array (&_buf, LIN, #a, a, &n, CKR_OK);
+
+#define IN_HANDLE(a) \
+		log_ulong (&_buf, LIN, #a, a, "H", CKR_OK);
+
+#define IN_INIT_ARGS(a) \
+		log_pInitArgs (&_buf, LIN, #a, a, CKR_OK);
+
+#define IN_POINTER(a) \
+		log_pointer (&_buf, LIN, #a, a, CKR_OK);
+
+#define IN_MECHANISM(a) \
+		log_mechanism (&_buf, LIN, #a, a, CKR_OK);
+
+#define IN_MECHANISM_TYPE(a) \
+		log_mechanism_type (&_buf, LIN, #a, a, CKR_OK);
+
+#define IN_SESSION(a) \
+		log_ulong (&_buf, LIN, #a, a, "S", CKR_OK);
+
+#define IN_SLOT_ID(a) \
+		log_ulong (&_buf, LIN, #a, a, "SL", CKR_OK);
+
+#define IN_STRING(a) \
+		log_string (&_buf, LIN, #a, a, CKR_OK);
+
+#define IN_ULONG(a) \
+		log_ulong (&_buf, LIN, #a, a, NULL, CKR_OK);
+
+#define IN_ULONG_PTR(a) \
+		log_ulong_pointer (&_buf, LIN, #a, a, NULL, CKR_OK);
+
+#define IN_USER_TYPE(a) \
+		log_user_type (&_buf, LIN, #a, a, CKR_OK);
+
+#define OUT_ATTRIBUTE_ARRAY(a, n) \
+		log_attribute_array (&_buf, LOUT, #a, a, n, _ret);
+
+#define OUT_BYTE_ARRAY(a, n) \
+		log_byte_array(&_buf, LOUT, #a, a, n, _ret);
+
+#define OUT_HANDLE(a) \
+		log_ulong_pointer (&_buf, LOUT, #a, a, "H", _ret);
+
+#define OUT_HANDLE_ARRAY(a, n) \
+		log_ulong_array (&_buf, LOUT, #a, a, n, "H", _ret);
+
+#define OUT_INFO(a) \
+		log_info (&_buf, LOUT, #a, a, _ret);
+
+#define OUT_MECHANISM_INFO(a) \
+		log_mechanism_info (&_buf, LOUT, #a, a, _ret);
+
+#define OUT_MECHANISM_TYPE_ARRAY(a, n) \
+		log_mechanism_type_array (&_buf, LOUT, #a, a, n, _ret);
+
+#define OUT_POINTER(a) \
+		log_pointer (&_buf, LOUT, #a, a, _ret);
+
+#define OUT_SESSION(a) \
+		log_ulong_pointer (&_buf, LOUT, #a, a, "S", _ret);
+
+#define OUT_SESSION_INFO(a) \
+		log_session_info (&_buf, LOUT, #a, a, _ret);
+
+#define OUT_SLOT_ID_ARRAY(a, n) \
+		log_ulong_array (&_buf, LOUT, #a, a, n, "SL", _ret);
+
+#define OUT_SLOT_ID(a) \
+		log_ulong_pointer (&_buf, LOUT, #a, a, "SL", _ret);
+
+#define OUT_SLOT_INFO(a) \
+		log_slot_info (&_buf, LOUT, #a, a, _ret);
+
+#define OUT_TOKEN_INFO(a) \
+		log_token_info (&_buf, LOUT, #a, a, _ret);
+
+#define OUT_ULONG(a) \
+		log_ulong_pointer (&_buf, LOUT, #a, a, NULL, _ret);
+
+#define OUT_ULONG_ARRAY(a, n) \
+		log_ulong_array (&_buf, LOUT, #a, a, n, NULL, _ret);
+
+
+
+/* ---------------------------------------------------------------- */
+
+static CK_RV
+log_C_Initialize (CK_X_FUNCTION_LIST *self,
+                  CK_VOID_PTR pInitArgs)
+{
+	BEGIN_CALL (Initialize)
+		IN_INIT_ARGS (pInitArgs)
+	PROCESS_CALL ((self, pInitArgs))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Finalize (CK_X_FUNCTION_LIST *self,
+                CK_VOID_PTR pReserved)
+{
+	BEGIN_CALL (Finalize)
+		IN_POINTER (pReserved)
+	PROCESS_CALL ((self, pReserved))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetInfo (CK_X_FUNCTION_LIST *self,
+               CK_INFO_PTR pInfo)
+{
+	BEGIN_CALL (GetInfo)
+	PROCESS_CALL ((self, pInfo))
+		OUT_INFO (pInfo)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetSlotList (CK_X_FUNCTION_LIST *self,
+                   CK_BBOOL tokenPresent,
+                   CK_SLOT_ID_PTR pSlotList,
+                   CK_ULONG_PTR pulCount)
+{
+	BEGIN_CALL (GetSlotList)
+		IN_BOOL (tokenPresent)
+		IN_ULONG_PTR (pulCount)
+	PROCESS_CALL ((self, tokenPresent, pSlotList, pulCount))
+		OUT_SLOT_ID_ARRAY (pSlotList, pulCount)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
+                   CK_SLOT_ID slotID,
+                   CK_SLOT_INFO_PTR pInfo)
+{
+	BEGIN_CALL (GetSlotInfo)
+		IN_SLOT_ID (slotID)
+	PROCESS_CALL ((self, slotID, pInfo))
+		OUT_SLOT_INFO (pInfo)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
+                    CK_SLOT_ID slotID,
+                    CK_TOKEN_INFO_PTR pInfo)
+{
+	BEGIN_CALL (GetTokenInfo)
+		IN_SLOT_ID (slotID)
+	PROCESS_CALL ((self, slotID, pInfo))
+		OUT_TOKEN_INFO (pInfo)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
+                        CK_SLOT_ID slotID,
+                        CK_MECHANISM_TYPE_PTR pMechanismList,
+                        CK_ULONG_PTR pulCount)
+{
+	BEGIN_CALL (GetMechanismList)
+		IN_SLOT_ID (slotID)
+		IN_ULONG_PTR (pulCount)
+	PROCESS_CALL ((self, slotID, pMechanismList, pulCount))
+		OUT_MECHANISM_TYPE_ARRAY (pMechanismList, pulCount)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
+                        CK_SLOT_ID slotID,
+                        CK_MECHANISM_TYPE type,
+                        CK_MECHANISM_INFO_PTR pInfo)
+{
+	BEGIN_CALL (GetMechanismInfo)
+		IN_SLOT_ID (slotID)
+		IN_MECHANISM_TYPE (type)
+	PROCESS_CALL ((self, slotID, type, pInfo))
+		OUT_MECHANISM_INFO (pInfo)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_InitToken (CK_X_FUNCTION_LIST *self,
+                 CK_SLOT_ID slotID,
+                 CK_UTF8CHAR_PTR pPin,
+                 CK_ULONG ulPinLen,
+                 CK_UTF8CHAR_PTR pLabel)
+{
+	BEGIN_CALL (InitToken)
+		IN_SLOT_ID (slotID)
+		IN_BYTE_ARRAY (pPin, ulPinLen)
+		IN_STRING (pLabel)
+	PROCESS_CALL ((self, slotID, pPin, ulPinLen, pLabel))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
+                        CK_FLAGS flags,
+                        CK_SLOT_ID_PTR pSlot,
+                        CK_VOID_PTR pReserved)
+{
+	char temp[32];
+	int had = 0;
+
+	BEGIN_CALL (WaitForSlotEvent)
+		p11_buffer_add (&_buf, "  IN: flags = ", -1);
+		snprintf (temp, sizeof (temp), "%lu", flags);
+		p11_buffer_add (&_buf, temp, -1);
+		LOG_FLAG (&_buf, flags, had, CKF_DONT_BLOCK);
+		p11_buffer_add (&_buf, "\n", 1);
+	PROCESS_CALL ((self, flags, pSlot, pReserved))
+		OUT_SLOT_ID (pSlot)
+		OUT_POINTER (pReserved)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_OpenSession (CK_X_FUNCTION_LIST *self,
+                   CK_SLOT_ID slotID,
+                   CK_FLAGS flags,
+                   CK_VOID_PTR pApplication,
+                   CK_NOTIFY Notify,
+                   CK_SESSION_HANDLE_PTR phSession)
+{
+	char temp[32];
+	int had = 0;
+
+	BEGIN_CALL (OpenSession)
+		IN_SLOT_ID (slotID)
+		p11_buffer_add (&_buf, "  IN: flags = ", -1);
+		snprintf (temp, sizeof (temp), "%lu", flags);
+		p11_buffer_add (&_buf, temp, -1);
+		LOG_FLAG (&_buf, flags, had, CKF_SERIAL_SESSION);
+		LOG_FLAG (&_buf, flags, had, CKF_RW_SESSION);
+		p11_buffer_add (&_buf, "\n", 1);
+		IN_POINTER (pApplication);
+		IN_POINTER (Notify);
+	PROCESS_CALL ((self, slotID, flags, pApplication, Notify, phSession));
+		OUT_SESSION (phSession)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_CloseSession (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE hSession)
+{
+	BEGIN_CALL (CloseSession)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+                        CK_SLOT_ID slotID)
+{
+	BEGIN_CALL (CloseAllSessions)
+		IN_SLOT_ID (slotID)
+	PROCESS_CALL ((self, slotID))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE hSession,
+                      CK_SESSION_INFO_PTR pInfo)
+{
+	BEGIN_CALL (GetSessionInfo)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession, pInfo))
+		OUT_SESSION_INFO (pInfo)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_InitPIN (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE hSession,
+               CK_UTF8CHAR_PTR pPin,
+               CK_ULONG ulPinLen)
+{
+	BEGIN_CALL (InitPIN)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPin, ulPinLen)
+	PROCESS_CALL ((self, hSession, pPin, ulPinLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SetPIN (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE hSession,
+              CK_UTF8CHAR_PTR pOldPin,
+              CK_ULONG ulOldLen,
+              CK_UTF8CHAR_PTR pNewPin,
+              CK_ULONG ulNewLen)
+{
+	BEGIN_CALL (SetPIN)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pOldPin, ulOldLen)
+		IN_BYTE_ARRAY (pNewPin, ulNewLen);
+	PROCESS_CALL ((self, hSession, pOldPin, ulOldLen, pNewPin, ulNewLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetOperationState (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE hSession,
+                         CK_BYTE_PTR pOperationState,
+                         CK_ULONG_PTR pulOperationStateLen)
+{
+	BEGIN_CALL (GetOperationState)
+		IN_SESSION (hSession)
+		IN_ULONG_PTR (pulOperationStateLen)
+	PROCESS_CALL ((self, hSession, pOperationState, pulOperationStateLen))
+		OUT_BYTE_ARRAY (pOperationState, pulOperationStateLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SetOperationState (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE hSession,
+                         CK_BYTE_PTR pOperationState,
+                         CK_ULONG ulOperationStateLen,
+                         CK_OBJECT_HANDLE hEncryptionKey,
+                         CK_OBJECT_HANDLE hAuthenticationKey)
+{
+	BEGIN_CALL (SetOperationState)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pOperationState, ulOperationStateLen)
+		IN_HANDLE (hEncryptionKey)
+		IN_HANDLE (hAuthenticationKey)
+	PROCESS_CALL ((self, hSession, pOperationState, ulOperationStateLen, hEncryptionKey, hAuthenticationKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Login (CK_X_FUNCTION_LIST *self,
+             CK_SESSION_HANDLE hSession,
+             CK_USER_TYPE userType,
+             CK_UTF8CHAR_PTR pPin,
+             CK_ULONG ulPinLen)
+{
+	BEGIN_CALL (Login)
+		IN_SESSION (hSession)
+		IN_USER_TYPE (userType)
+		IN_BYTE_ARRAY (pPin, ulPinLen);
+	PROCESS_CALL ((self, hSession, userType, pPin, ulPinLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Logout (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE hSession)
+{
+	BEGIN_CALL (Logout)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_CreateObject (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE hSession,
+                    CK_ATTRIBUTE_PTR pTemplate,
+                    CK_ULONG ulCount,
+                    CK_OBJECT_HANDLE_PTR phObject)
+{
+	BEGIN_CALL (CreateObject)
+		IN_SESSION (hSession)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	PROCESS_CALL ((self, hSession, pTemplate, ulCount, phObject))
+		OUT_HANDLE (phObject)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_CopyObject (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE hSession,
+                  CK_OBJECT_HANDLE hObject,
+                  CK_ATTRIBUTE_PTR pTemplate,
+                  CK_ULONG ulCount,
+                  CK_OBJECT_HANDLE_PTR phNewObject)
+{
+	BEGIN_CALL (CopyObject)
+		IN_SESSION (hSession)
+		IN_HANDLE (hObject)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount, phNewObject))
+		OUT_HANDLE (phNewObject)
+	DONE_CALL
+}
+
+
+static CK_RV
+log_C_DestroyObject (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject)
+{
+	BEGIN_CALL (DestroyObject);
+		IN_SESSION (hSession)
+		IN_HANDLE (hObject)
+	PROCESS_CALL ((self, hSession, hObject))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject,
+                     CK_ULONG_PTR size)
+{
+	BEGIN_CALL (GetObjectSize);
+		IN_SESSION (hSession)
+		IN_HANDLE (hObject)
+	PROCESS_CALL ((self, hSession, hObject, size))
+		OUT_ULONG (size)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE hSession,
+                         CK_OBJECT_HANDLE hObject,
+                         CK_ATTRIBUTE_PTR pTemplate,
+                         CK_ULONG ulCount)
+{
+	BEGIN_CALL (GetAttributeValue)
+		IN_SESSION (hSession)
+		IN_HANDLE (hObject)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount))
+		OUT_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE hSession,
+                         CK_OBJECT_HANDLE hObject,
+                         CK_ATTRIBUTE_PTR pTemplate,
+                         CK_ULONG ulCount)
+{
+	BEGIN_CALL (SetAttributeValue)
+		IN_SESSION (hSession)
+		IN_HANDLE (hObject)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	PROCESS_CALL ((self, hSession, hObject, pTemplate, ulCount))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE hSession,
+                       CK_ATTRIBUTE_PTR pTemplate,
+                       CK_ULONG ulCount)
+{
+	BEGIN_CALL (FindObjectsInit)
+		IN_SESSION (hSession)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	PROCESS_CALL ((self, hSession, pTemplate, ulCount))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_FindObjects (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_OBJECT_HANDLE_PTR object,
+                   CK_ULONG max_object_count,
+                   CK_ULONG_PTR object_count)
+{
+	BEGIN_CALL (FindObjects)
+		IN_SESSION (hSession)
+		IN_ULONG (max_object_count)
+	PROCESS_CALL ((self, hSession, object, max_object_count, object_count))
+		OUT_HANDLE_ARRAY (object, object_count)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE hSession)
+{
+	BEGIN_CALL (FindObjectsFinal)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_EncryptInit (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism,
+                   CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (EncryptInit)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Encrypt (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pData,
+               CK_ULONG ulDataLen,
+               CK_BYTE_PTR pEncryptedData,
+               CK_ULONG_PTR pulEncryptedDataLen)
+{
+	BEGIN_CALL (Encrypt)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pData, ulDataLen)
+	PROCESS_CALL ((self, hSession, pData, ulDataLen, pEncryptedData, pulEncryptedDataLen))
+		OUT_BYTE_ARRAY (pEncryptedData, pulEncryptedDataLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pPart,
+                     CK_ULONG ulPartLen,
+                     CK_BYTE_PTR pEncryptedPart,
+                     CK_ULONG_PTR pulEncryptedPartLen)
+{
+	BEGIN_CALL (EncryptUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPart, ulPartLen)
+	PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen))
+		OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE hSession,
+                    CK_BYTE_PTR pLastEncryptedPart,
+                    CK_ULONG_PTR pulLastEncryptedPartLen)
+{
+	BEGIN_CALL (EncryptFinal)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession, pLastEncryptedPart, pulLastEncryptedPartLen))
+		OUT_BYTE_ARRAY (pLastEncryptedPart, pulLastEncryptedPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DecryptInit (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism,
+                   CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (DecryptInit)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Decrypt (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pEncryptedData,
+               CK_ULONG ulEncryptedDataLen,
+               CK_BYTE_PTR pData,
+               CK_ULONG_PTR pulDataLen)
+{
+	BEGIN_CALL (Decrypt)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pEncryptedData, ulEncryptedDataLen)
+	PROCESS_CALL ((self, hSession, pEncryptedData, ulEncryptedDataLen, pData, pulDataLen))
+		OUT_BYTE_ARRAY (pData, pulDataLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pEncryptedPart,
+                     CK_ULONG ulEncryptedPartLen,
+                     CK_BYTE_PTR pPart,
+                     CK_ULONG_PTR pulPartLen)
+{
+	BEGIN_CALL (DecryptUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen)
+	PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen))
+		OUT_BYTE_ARRAY (pPart, pulPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE hSession,
+                    CK_BYTE_PTR pLastPart,
+                    CK_ULONG_PTR pulLastPartLen)
+{
+	BEGIN_CALL (DecryptFinal)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession, pLastPart, pulLastPartLen))
+		OUT_BYTE_ARRAY (pLastPart, pulLastPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DigestInit (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE hSession,
+                  CK_MECHANISM_PTR pMechanism)
+{
+	BEGIN_CALL (DigestInit)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+	PROCESS_CALL ((self, hSession, pMechanism))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Digest (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE hSession,
+              CK_BYTE_PTR pData,
+              CK_ULONG ulDataLen,
+              CK_BYTE_PTR pDigest,
+              CK_ULONG_PTR pulDigestLen)
+{
+	BEGIN_CALL (Digest)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pData, ulDataLen)
+	PROCESS_CALL ((self, hSession, pData, ulDataLen, pDigest, pulDigestLen))
+		OUT_BYTE_ARRAY (pDigest, pulDigestLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE hSession,
+                    CK_BYTE_PTR pPart,
+                    CK_ULONG ulPartLen)
+{
+	BEGIN_CALL (DigestUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPart, ulPartLen)
+	PROCESS_CALL ((self, hSession, pPart, ulPartLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DigestKey (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE hSession,
+                 CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (DigestKey)
+		IN_SESSION (hSession)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DigestFinal (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_BYTE_PTR pDigest,
+                   CK_ULONG_PTR pulDigestLen)
+{
+	BEGIN_CALL (DigestFinal)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession, pDigest, pulDigestLen))
+		OUT_BYTE_ARRAY (pDigest, pulDigestLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SignInit (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE hSession,
+                CK_MECHANISM_PTR pMechanism,
+                CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (SignInit)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Sign (CK_X_FUNCTION_LIST *self,
+            CK_SESSION_HANDLE hSession,
+            CK_BYTE_PTR pData,
+            CK_ULONG ulDataLen,
+            CK_BYTE_PTR pSignature,
+            CK_ULONG_PTR pulSignatureLen)
+{
+	BEGIN_CALL (Sign)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pData, ulDataLen)
+	PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen))
+		OUT_BYTE_ARRAY (pSignature, pulSignatureLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SignUpdate (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pPart,
+                  CK_ULONG ulPartLen)
+{
+	BEGIN_CALL (SignUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPart, ulPartLen)
+	PROCESS_CALL ((self, hSession, pPart, ulPartLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SignFinal (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pSignature,
+                 CK_ULONG_PTR pulSignatureLen)
+{
+	BEGIN_CALL (SignFinal)
+		IN_SESSION (hSession)
+	PROCESS_CALL ((self, hSession, pSignature, pulSignatureLen))
+		OUT_BYTE_ARRAY (pSignature, pulSignatureLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE hSession,
+                       CK_MECHANISM_PTR pMechanism,
+                       CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (SignRecoverInit)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SignRecover (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_BYTE_PTR pData,
+                   CK_ULONG ulDataLen,
+                   CK_BYTE_PTR pSignature,
+                   CK_ULONG_PTR pulSignatureLen)
+{
+	BEGIN_CALL (SignRecover)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pData, ulDataLen)
+	PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, pulSignatureLen))
+		OUT_BYTE_ARRAY (pSignature, pulSignatureLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_VerifyInit (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE hSession,
+                  CK_MECHANISM_PTR pMechanism,
+                  CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (VerifyInit);
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_Verify (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE hSession,
+              CK_BYTE_PTR pData,
+              CK_ULONG ulDataLen,
+              CK_BYTE_PTR pSignature,
+              CK_ULONG ulSignatureLen)
+{
+	BEGIN_CALL (Verify)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pData, ulDataLen)
+		IN_BYTE_ARRAY (pSignature, ulSignatureLen)
+	PROCESS_CALL ((self, hSession, pData, ulDataLen, pSignature, ulSignatureLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE hSession,
+                    CK_BYTE_PTR pPart,
+                    CK_ULONG ulPartLen)
+{
+	BEGIN_CALL (VerifyUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPart, ulPartLen)
+	PROCESS_CALL ((self, hSession, pPart, ulPartLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_BYTE_PTR pSignature,
+                   CK_ULONG ulSignatureLen)
+{
+	BEGIN_CALL (VerifyFinal)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pSignature, ulSignatureLen);
+	PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE hSession,
+                         CK_MECHANISM_PTR pMechanism,
+                         CK_OBJECT_HANDLE hKey)
+{
+	BEGIN_CALL (VerifyRecoverInit)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hKey))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pSignature,
+                     CK_ULONG ulSignatureLen,
+                     CK_BYTE_PTR pData,
+                     CK_ULONG_PTR pulDataLen)
+{
+	BEGIN_CALL (VerifyRecover)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pSignature, ulSignatureLen)
+	PROCESS_CALL ((self, hSession, pSignature, ulSignatureLen, pData, pulDataLen))
+		OUT_BYTE_ARRAY (pData, pulDataLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE hSession,
+                           CK_BYTE_PTR pPart,
+                           CK_ULONG ulPartLen,
+                           CK_BYTE_PTR pEncryptedPart,
+                           CK_ULONG_PTR pulEncryptedPartLen)
+{
+	BEGIN_CALL (DigestEncryptUpdate);
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPart, ulPartLen)
+	PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen))
+		OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE hSession,
+                           CK_BYTE_PTR pEncryptedPart,
+                           CK_ULONG ulEncryptedPartLen,
+                           CK_BYTE_PTR pPart,
+                           CK_ULONG_PTR pulPartLen)
+{
+	BEGIN_CALL (DecryptDigestUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen)
+	PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen))
+		OUT_BYTE_ARRAY (pPart, pulPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE hSession,
+                         CK_BYTE_PTR pPart,
+                         CK_ULONG ulPartLen,
+                         CK_BYTE_PTR pEncryptedPart,
+                         CK_ULONG_PTR pulEncryptedPartLen)
+{
+	BEGIN_CALL (SignEncryptUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pPart, ulPartLen)
+	PROCESS_CALL ((self, hSession, pPart, ulPartLen, pEncryptedPart, pulEncryptedPartLen))
+		OUT_BYTE_ARRAY (pEncryptedPart, pulEncryptedPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE hSession,
+                           CK_BYTE_PTR pEncryptedPart,
+                           CK_ULONG ulEncryptedPartLen,
+                           CK_BYTE_PTR pPart,
+                           CK_ULONG_PTR pulPartLen)
+{
+	BEGIN_CALL (DecryptVerifyUpdate)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pEncryptedPart, ulEncryptedPartLen)
+	PROCESS_CALL ((self, hSession, pEncryptedPart, ulEncryptedPartLen, pPart, pulPartLen))
+		OUT_BYTE_ARRAY (pPart, pulPartLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GenerateKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism,
+                   CK_ATTRIBUTE_PTR pTemplate,
+                   CK_ULONG ulCount,
+                   CK_OBJECT_HANDLE_PTR phKey)
+{
+	BEGIN_CALL (GenerateKey)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulCount)
+	PROCESS_CALL ((self, hSession, pMechanism, pTemplate, ulCount, phKey))
+		OUT_HANDLE (phKey)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE hSession,
+                       CK_MECHANISM_PTR pMechanism,
+                       CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                       CK_ULONG ulPublicKeyAttributeCount,
+                       CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                       CK_ULONG ulPrivateKeyAttributeCount,
+                       CK_OBJECT_HANDLE_PTR phPublicKey,
+                       CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
+	BEGIN_CALL (GenerateKeyPair)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_ATTRIBUTE_ARRAY (pPublicKeyTemplate, ulPublicKeyAttributeCount)
+		IN_ATTRIBUTE_ARRAY (pPrivateKeyTemplate, ulPrivateKeyAttributeCount)
+	PROCESS_CALL ((self, hSession, pMechanism, pPublicKeyTemplate, ulPublicKeyAttributeCount,
+	               pPrivateKeyTemplate, ulPrivateKeyAttributeCount, phPublicKey, phPrivateKey))
+		OUT_HANDLE (phPublicKey)
+		OUT_HANDLE (phPrivateKey)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_WrapKey (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism,
+               CK_OBJECT_HANDLE hWrappingKey,
+               CK_OBJECT_HANDLE hKey,
+               CK_BYTE_PTR pWrappedKey,
+               CK_ULONG_PTR pulWrappedKeyLen)
+{
+	BEGIN_CALL (WrapKey)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hWrappingKey)
+		IN_HANDLE (hKey)
+	PROCESS_CALL ((self, hSession, pMechanism, hWrappingKey, hKey, pWrappedKey, pulWrappedKeyLen))
+		OUT_BYTE_ARRAY (pWrappedKey, pulWrappedKeyLen)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE hSession,
+                 CK_MECHANISM_PTR pMechanism,
+                 CK_OBJECT_HANDLE hUnwrappingKey,
+                 CK_BYTE_PTR pWrappedKey,
+                 CK_ULONG ulWrappedKeyLen,
+                 CK_ATTRIBUTE_PTR pTemplate,
+                 CK_ULONG ulAttributeCount,
+                 CK_OBJECT_HANDLE_PTR phKey)
+{
+	BEGIN_CALL (UnwrapKey)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hUnwrappingKey)
+		IN_BYTE_ARRAY (pWrappedKey, ulWrappedKeyLen)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount)
+	PROCESS_CALL ((self, hSession, pMechanism, hUnwrappingKey, pWrappedKey,
+			ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey))
+		OUT_HANDLE (phKey)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_DeriveKey (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE hSession,
+                 CK_MECHANISM_PTR pMechanism,
+                 CK_OBJECT_HANDLE hBaseKey,
+                 CK_ATTRIBUTE_PTR pTemplate,
+                 CK_ULONG ulAttributeCount,
+                 CK_OBJECT_HANDLE_PTR phObject)
+{
+	BEGIN_CALL (DeriveKey)
+		IN_SESSION (hSession)
+		IN_MECHANISM (pMechanism)
+		IN_HANDLE (hBaseKey)
+		IN_ATTRIBUTE_ARRAY (pTemplate, ulAttributeCount)
+	PROCESS_CALL ((self, hSession, pMechanism, hBaseKey, pTemplate, ulAttributeCount, phObject))
+		OUT_HANDLE (phObject)
+	DONE_CALL
+}
+
+static CK_RV
+log_C_SeedRandom (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pSeed,
+                  CK_ULONG ulSeedLen)
+{
+	BEGIN_CALL (SeedRandom)
+		IN_SESSION (hSession)
+		IN_BYTE_ARRAY (pSeed, ulSeedLen);
+	PROCESS_CALL ((self, hSession, pSeed, ulSeedLen))
+	DONE_CALL
+}
+
+static CK_RV
+log_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE hSession,
+                      CK_BYTE_PTR pRandomData,
+                      CK_ULONG ulRandomLen)
+{
+	BEGIN_CALL (GenerateRandom)
+		IN_SESSION (hSession)
+		IN_ULONG (ulRandomLen)
+	PROCESS_CALL ((self, hSession, pRandomData, ulRandomLen))
+		OUT_BYTE_ARRAY (pRandomData, &ulRandomLen)
+	DONE_CALL
+}
+
+static CK_X_FUNCTION_LIST log_functions = {
+	{ -1, -1 },
+	log_C_Initialize,
+	log_C_Finalize,
+	log_C_GetInfo,
+	log_C_GetSlotList,
+	log_C_GetSlotInfo,
+	log_C_GetTokenInfo,
+	log_C_GetMechanismList,
+	log_C_GetMechanismInfo,
+	log_C_InitToken,
+	log_C_InitPIN,
+	log_C_SetPIN,
+	log_C_OpenSession,
+	log_C_CloseSession,
+	log_C_CloseAllSessions,
+	log_C_GetSessionInfo,
+	log_C_GetOperationState,
+	log_C_SetOperationState,
+	log_C_Login,
+	log_C_Logout,
+	log_C_CreateObject,
+	log_C_CopyObject,
+	log_C_DestroyObject,
+	log_C_GetObjectSize,
+	log_C_GetAttributeValue,
+	log_C_SetAttributeValue,
+	log_C_FindObjectsInit,
+	log_C_FindObjects,
+	log_C_FindObjectsFinal,
+	log_C_EncryptInit,
+	log_C_Encrypt,
+	log_C_EncryptUpdate,
+	log_C_EncryptFinal,
+	log_C_DecryptInit,
+	log_C_Decrypt,
+	log_C_DecryptUpdate,
+	log_C_DecryptFinal,
+	log_C_DigestInit,
+	log_C_Digest,
+	log_C_DigestUpdate,
+	log_C_DigestKey,
+	log_C_DigestFinal,
+	log_C_SignInit,
+	log_C_Sign,
+	log_C_SignUpdate,
+	log_C_SignFinal,
+	log_C_SignRecoverInit,
+	log_C_SignRecover,
+	log_C_VerifyInit,
+	log_C_Verify,
+	log_C_VerifyUpdate,
+	log_C_VerifyFinal,
+	log_C_VerifyRecoverInit,
+	log_C_VerifyRecover,
+	log_C_DigestEncryptUpdate,
+	log_C_DecryptDigestUpdate,
+	log_C_SignEncryptUpdate,
+	log_C_DecryptVerifyUpdate,
+	log_C_GenerateKey,
+	log_C_GenerateKeyPair,
+	log_C_WrapKey,
+	log_C_UnwrapKey,
+	log_C_DeriveKey,
+	log_C_SeedRandom,
+	log_C_GenerateRandom,
+	log_C_WaitForSlotEvent,
+};
+
+void
+p11_log_release (void *data)
+{
+	LogData *log = (LogData *)data;
+
+	return_if_fail (data != NULL);
+	p11_virtual_uninit (&log->virt);
+	free (log);
+}
+
+p11_virtual *
+p11_log_subclass (p11_virtual *lower,
+                  p11_destroyer destroyer)
+{
+	LogData *log;
+
+	log = calloc (1, sizeof (LogData));
+	return_val_if_fail (log != NULL, NULL);
+
+	p11_virtual_init (&log->virt, &log_functions, lower, destroyer);
+	log->lower = &lower->funcs;
+	return &log->virt;
+}
diff --git a/p11-kit/log.h b/p11-kit/log.h
new file mode 100644
index 0000000..d8169e8
--- /dev/null
+++ b/p11-kit/log.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2013, Red Hat Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ *
+ * CONTRIBUTORS
+ *  Stef Walter 
+ */
+
+#ifndef P11_LOG_H_
+#define P11_LOG_H_
+
+#include "virtual.h"
+
+p11_virtual *           p11_log_subclass         (p11_virtual *lower,
+                                                  p11_destroyer destroyer);
+
+void                    p11_log_release          (void *logger);
+
+extern bool             p11_log_force;
+
+extern bool             p11_log_output;
+
+#endif /* P11_LOG_H_ */
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index 19ba895..ef8cea6 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -35,16 +35,23 @@
 
 #include "config.h"
 
-#include "conf.h"
+/* We use and define deprecated functions here */
+#define P11_KIT_NO_DEPRECATIONS
 #define P11_DEBUG_FLAG P11_DEBUG_LIB
+
+#include "conf.h"
 #include "debug.h"
 #include "dict.h"
 #include "library.h"
+#include "log.h"
 #include "message.h"
+#include "modules.h"
 #include "path.h"
 #include "pkcs11.h"
 #include "p11-kit.h"
 #include "private.h"
+#include "proxy.h"
+#include "virtual.h"
 
 #include 
 #include 
@@ -70,44 +77,83 @@
  * crypto objects (like keys and certificates) and to perform crypto operations.
  *
  * In order for applications to behave consistently with regard to the user's
- * installed PKCS\#11 modules, each module must be registered so that applications
+ * installed PKCS\#11 modules, each module must be configured so that applications
  * or libraries know that they should load it.
  *
- * The functions here provide support for initializing registered modules. The
- * p11_kit_initialize_registered() function should be used to load and initialize
- * the registered modules. When done, the p11_kit_finalize_registered() function
+ * When multiple consumers of a module (such as libraries or applications) are
+ * in the same process, coordination of the initialization and finalization
+ * of PKCS\#11 modules is required. To do this modules are managed by p11-kit.
+ * This means that various unsafe methods are coordinated between callers. Unmanaged
+ * modules are simply the raw PKCS\#11 module pointers without p11-kit getting in the
+ * way. It is highly recommended that the default managed behavior is used.
+ *
+ * The functions here provide support for initializing configured modules. The
+ * p11_kit_modules_load() function should be used to load and initialize
+ * the configured modules. When done, the p11_kit_modules_release() function
  * should be used to release those modules and associated resources.
  *
- * In addition p11_kit_registered_option() can be used to access other parts
+ * In addition p11_kit_config_option() can be used to access other parts
  * of the module configuration.
  *
- * When multiple consumers of a module (such as libraries or applications) are
- * in the same process, coordination of the initialization and finalization
- * of PKCS\#11 modules is required. The functions here automatically provide
- * initialization reference counting to make this work.
- *
  * If a consumer wishes to load an arbitrary PKCS\#11 module that's not
- * registered, that module should be initialized with p11_kit_initialize_module()
- * and finalized with p11_kit_finalize_module(). The module's own
- * C_Initialize and C_Finalize methods should not
- * be called directly.
+ * configured use p11_kit_module_load() to do so. And use p11_kit_module_release()
+ * to later release it.
  *
  * Modules are represented by a pointer to their CK_FUNCTION_LIST
- * entry points. This means that callers can load modules elsewhere, using
- * dlopen() for example, and then still use these methods on them.
+ * entry points.
+ */
+
+/**
+ * SECTION:p11-kit-deprecated
+ * @title: Deprecated
+ * @short_description: Deprecated functions
+ *
+ * These functions have been deprecated from p11-kit and are not recommended for
+ * general usage. In large part they were deprecated because they did not adequately
+ * insulate multiple callers of a PKCS\#11 module from another, and could not
+ * support the 'managed' mode needed to do this.
+ */
+
+/**
+ * P11_KIT_MODULE_UNMANAGED:
+ *
+ * Module is loaded in non 'managed' mode. This is not recommended,
+ * disables many features, and prevents coordination between multiple
+ * callers of the same module.
+ */
+
+/**
+ * P11_KIT_MODULE_CRITICAL:
+ *
+ * Flag to load a module in 'critical' mode. Failure to load a critical module
+ * will prevent all other modules from loading. A failure when loading a
+ * non-critical module skips that module.
  */
 
 typedef struct _Module {
-	CK_FUNCTION_LIST_PTR funcs;
+	/*
+	 * When using managed modules, this forms the base of the
+	 * virtual stack into which all the other modules call. This is also
+	 * the first field in this structure so we can cast between them.
+	 */
+	p11_virtual virt;
+
+	/* The initialize args built from configuration */
 	CK_C_INITIALIZE_ARGS init_args;
 	int ref_count;
+	int init_count;
 
 	/* Registered modules */
 	char *name;
 	p11_dict *config;
+	bool critical;
 
-	/* Loaded modules */
-	dl_module_t dl_module;
+	/*
+	 * This is a pointer to the actual dl shared module, or perhaps
+	 * the RPC client context.
+	 */
+	void *loaded_module;
+	p11_kit_destroyer loaded_destroy;
 
 	/* Initialization, mutex must be held */
 	p11_mutex_t initialize_mutex;
@@ -121,6 +167,8 @@ typedef struct _Module {
  */
 static struct _Shared {
 	p11_dict *modules;
+	p11_dict *unmanaged_by_funcs;
+	p11_dict *managed_by_closure;
 	p11_dict *config;
 } gl = { NULL, NULL };
 
@@ -184,15 +232,19 @@ free_module_unlocked (void *data)
 
 	assert (mod != NULL);
 
-	/* Module must be finalized */
-	assert (!mod->initialize_called);
-	assert (mod->initialize_thread == 0);
-
 	/* Module must have no outstanding references */
 	assert (mod->ref_count == 0);
 
-	if (mod->dl_module)
-		p11_dl_close (mod->dl_module);
+	if (mod->init_count > 0) {
+		p11_debug_precond ("module unloaded without C_Finalize having been "
+		                   "called for each C_Initialize");
+	} else {
+		assert (!mod->initialize_called);
+		assert (mod->initialize_thread == 0);
+	}
+
+	if (mod->loaded_destroy)
+		mod->loaded_destroy (mod->loaded_module);
 
 	p11_mutex_uninit (&mod->initialize_mutex);
 	p11_dict_free (mod->config);
@@ -215,28 +267,44 @@ alloc_module_unlocked (void)
 	mod->init_args.flags = CKF_OS_LOCKING_OK;
 	p11_mutex_init (&mod->initialize_mutex);
 
+	/*
+	 * The default for configured modules is non-critical, but for
+	 * modules loaded explicitly, and not from config, we treat them
+	 * as critical. So this gets overridden for configured modules
+	 * later when the config is loaded.
+	 */
+	mod->critical = true;
+
 	return mod;
 }
 
 static CK_RV
-dlopen_and_get_function_list (Module *mod, const char *path)
+dlopen_and_get_function_list (Module *mod,
+                              const char *path,
+                              CK_FUNCTION_LIST **funcs)
 {
 	CK_C_GetFunctionList gfl;
+	dl_module_t dl;
 	char *error;
 	CK_RV rv;
 
-	assert (mod);
-	assert (path);
+	assert (mod != NULL);
+	assert (path != NULL);
+	assert (funcs != NULL);
 
-	mod->dl_module = p11_dl_open (path);
-	if (mod->dl_module == NULL) {
+	dl = p11_dl_open (path);
+	if (dl == NULL) {
 		error = p11_dl_error ();
 		p11_message ("couldn't load module: %s: %s", path, error);
 		free (error);
 		return CKR_GENERAL_ERROR;
 	}
 
-	gfl = p11_dl_symbol (mod->dl_module, "C_GetFunctionList");
+	/* When the Module goes away, dlclose the loaded module */
+	mod->loaded_destroy = (p11_kit_destroyer)p11_dl_close;
+	mod->loaded_module = dl;
+
+	gfl = p11_dl_symbol (dl, "C_GetFunctionList");
 	if (!gfl) {
 		error = p11_dl_error ();
 		p11_message ("couldn't find C_GetFunctionList entry point in module: %s: %s",
@@ -245,65 +313,77 @@ dlopen_and_get_function_list (Module *mod, const char *path)
 		return CKR_GENERAL_ERROR;
 	}
 
-	rv = gfl (&mod->funcs);
+	rv = gfl (funcs);
 	if (rv != CKR_OK) {
 		p11_message ("call to C_GetFunctiontList failed in module: %s: %s",
 		             path, p11_kit_strerror (rv));
 		return rv;
 	}
 
+	if (p11_proxy_module_check (*funcs)) {
+		p11_message ("refusing to load the p11-kit-proxy.so module as a registered module");
+		return CKR_FUNCTION_FAILED;
+	}
+
+	p11_virtual_init (&mod->virt, &p11_virtual_base, *funcs, NULL);
 	p11_debug ("opened module: %s", path);
 	return CKR_OK;
 }
 
 static CK_RV
-load_module_from_file_unlocked (const char *path, Module **result)
+load_module_from_file_inlock (const char *name,
+                              const char *path,
+                              Module **result)
 {
+	CK_FUNCTION_LIST *funcs;
+	char *expand = NULL;
 	Module *mod;
 	Module *prev;
 	CK_RV rv;
 
+	assert (path != NULL);
+	assert (result != NULL);
+
 	mod = alloc_module_unlocked ();
 	return_val_if_fail (mod != NULL, CKR_HOST_MEMORY);
 
-	rv = dlopen_and_get_function_list (mod, path);
+	if (!p11_path_absolute (path)) {
+		p11_debug ("module path is relative, loading from: %s", P11_MODULE_PATH);
+		path = expand = p11_path_build (P11_MODULE_PATH, path, NULL);
+		return_val_if_fail (path != NULL, CKR_HOST_MEMORY);
+	}
+
+	p11_debug ("loading module %s%sfrom path: %s",
+	           name ? name : "", name ? " " : "", path);
+
+	rv = dlopen_and_get_function_list (mod, path, &funcs);
+	free (expand);
+
 	if (rv != CKR_OK) {
 		free_module_unlocked (mod);
 		return rv;
 	}
 
 	/* Do we have a previous one like this, if so ignore load */
-	prev = p11_dict_get (gl.modules, mod->funcs);
+	prev = p11_dict_get (gl.unmanaged_by_funcs, funcs);
 
+	/* If same module was loaded previously, just take over config */
 	if (prev != NULL) {
-		p11_debug ("duplicate module %s, using previous", path);
+		if (!name || prev->name || prev->config)
+			p11_debug ("duplicate module %s, using previous", path);
 		free_module_unlocked (mod);
 		mod = prev;
 
-	} else if (!p11_dict_set (gl.modules, mod->funcs, mod)) {
+	/* This takes ownership of the module */
+	} else if (!p11_dict_set (gl.modules, mod, mod) ||
+		   !p11_dict_set (gl.unmanaged_by_funcs, funcs, mod)) {
 		return_val_if_reached (CKR_HOST_MEMORY);
 	}
 
-	if (result)
-		*result= mod;
+	*result= mod;
 	return CKR_OK;
 }
 
-static char*
-expand_module_path (const char *filename)
-{
-	char *path;
-
-	if (!p11_path_absolute (filename)) {
-		p11_debug ("module path is relative, loading from: %s", P11_MODULE_PATH);
-		path = p11_path_build (P11_MODULE_PATH, filename, NULL);
-	} else {
-		path = strdup (filename);
-	}
-
-	return path;
-}
-
 static int
 is_list_delimiter (char ch)
 {
@@ -360,13 +440,12 @@ is_module_enabled_unlocked (const char *name,
 }
 
 static CK_RV
-take_config_and_load_module_unlocked (char **name,
-                                      p11_dict **config)
+take_config_and_load_module_inlock (char **name,
+                                    p11_dict **config,
+                                    bool critical)
 {
-	Module *mod, *prev;
-	const char *module_filename;
-	char *path;
-	char *key;
+	const char *filename;
+	Module *mod;
 	CK_RV rv;
 
 	assert (name);
@@ -377,36 +456,22 @@ take_config_and_load_module_unlocked (char **name,
 	if (!is_module_enabled_unlocked (*name, *config))
 		return CKR_OK;
 
-	module_filename = p11_dict_get (*config, "module");
-	if (module_filename == NULL) {
+	filename = p11_dict_get (*config, "module");
+	if (filename == NULL) {
 		p11_debug ("no module path for module, skipping: %s", *name);
 		return CKR_OK;
 	}
 
-	path = expand_module_path (module_filename);
-	return_val_if_fail (path != NULL, CKR_HOST_MEMORY);
-
-	key = strdup ("module");
-	return_val_if_fail (key != NULL, CKR_HOST_MEMORY);
-
-	/* The hash map will take ownership of the variable */
-	if (!p11_dict_set (*config, key, path))
-		return_val_if_reached (CKR_HOST_MEMORY);
-
-	mod = alloc_module_unlocked ();
-	return_val_if_fail (mod != NULL, CKR_HOST_MEMORY);
+	rv = load_module_from_file_inlock (*name, filename, &mod);
+	if (rv != CKR_OK)
+		return CKR_OK;
 
 	/* Take ownership of thes evariables */
 	mod->config = *config;
 	*config = NULL;
 	mod->name = *name;
 	*name = NULL;
-
-	rv = dlopen_and_get_function_list (mod, path);
-	if (rv != CKR_OK) {
-		free_module_unlocked (mod);
-		return rv;
-	}
+	mod->critical = critical;
 
 	/*
 	 * We support setting of CK_C_INITIALIZE_ARGS.pReserved from
@@ -415,27 +480,6 @@ take_config_and_load_module_unlocked (char **name,
 	 */
 	mod->init_args.pReserved = p11_dict_get (mod->config, "x-init-reserved");
 
-	prev = p11_dict_get (gl.modules, mod->funcs);
-
-	/* If same module was loaded previously, just take over config */
-	if (prev && !prev->name && !prev->config) {
-		prev->name = mod->name;
-		mod->name = NULL;
-		prev->config = mod->config;
-		mod->config = NULL;
-		free_module_unlocked (mod);
-
-	/* Ignore duplicate module */
-	} else if (prev) {
-		p11_message ("duplicate configured module: %s: %s", mod->name, path);
-		free_module_unlocked (mod);
-
-	/* Add this new module to our hash table */
-	} else {
-		if (!p11_dict_set (gl.modules, mod->funcs, mod))
-			return_val_if_reached (CKR_HOST_MEMORY);
-	}
-
 	return CKR_OK;
 }
 
@@ -485,8 +529,7 @@ load_registered_modules_unlocked (void)
 
 		/* Is this a critical module, should abort loading of others? */
 		critical = _p11_conf_parse_boolean (p11_dict_get (config, "critical"), false);
-
-		rv = take_config_and_load_module_unlocked (&name, &config);
+		rv = take_config_and_load_module_inlock (&name, &config, critical);
 
 		/*
 		 * These variables will be cleared if ownership is transeferred
@@ -510,10 +553,11 @@ load_registered_modules_unlocked (void)
 }
 
 static CK_RV
-initialize_module_unlocked_reentrant (Module *mod)
+initialize_module_inlock_reentrant (Module *mod)
 {
 	CK_RV rv = CKR_OK;
 	p11_thread_id_t self;
+
 	assert (mod);
 
 	self = p11_thread_id_self ();
@@ -531,23 +575,16 @@ initialize_module_unlocked_reentrant (Module *mod)
 	mod->initialize_thread = self;
 
 	/* Change over to the module specific mutex */
-	p11_mutex_lock (&mod->initialize_mutex);
 	p11_unlock ();
+	p11_mutex_lock (&mod->initialize_mutex);
 
 	if (!mod->initialize_called) {
-		assert (mod->funcs);
-
-		if (mod->funcs == &_p11_proxy_function_list) {
-			p11_message ("refusing to load the p11-kit-proxy.so module as a registered module");
-			rv = CKR_FUNCTION_FAILED;
-
-		} else {
-			p11_debug ("C_Initialize: calling");
+		p11_debug ("C_Initialize: calling");
 
-			rv = mod->funcs->C_Initialize (&mod->init_args);
+		rv = mod->virt.funcs.C_Initialize (&mod->virt.funcs,
+		                                   &mod->init_args);
 
-			p11_debug ("C_Initialize: result: %lu", rv);
-		}
+		p11_debug ("C_Initialize: result: %lu", rv);
 
 		/* Module was initialized and C_Finalize should be called */
 		if (rv == CKR_OK)
@@ -561,10 +598,14 @@ initialize_module_unlocked_reentrant (Module *mod)
 	p11_mutex_unlock (&mod->initialize_mutex);
 	p11_lock ();
 
-	/* Don't claim reference if failed */
-	if (rv != CKR_OK)
-		--mod->ref_count;
+	if (rv == CKR_OK) {
+		/* Matches the ref count in finalize_module_inlock_reentrant() */
+		if (mod->init_count == 0)
+			mod->ref_count++;
+		mod->init_count++;
+	}
 
+	mod->ref_count--;
 	mod->initialize_thread = 0;
 	return rv;
 }
@@ -583,13 +624,13 @@ reinitialize_after_fork (void)
 
 		if (gl.modules) {
 			p11_dict_iterate (gl.modules, &iter);
-			while (p11_dict_next (&iter, NULL, (void **)&mod))
+			while (p11_dict_next (&iter, (void **)&mod, NULL))
 				mod->initialize_called = false;
 		}
 
 	p11_unlock ();
 
-	_p11_kit_proxy_after_fork ();
+	p11_proxy_after_fork ();
 }
 
 #endif /* OS_UNIX */
@@ -600,11 +641,26 @@ init_globals_unlocked (void)
 	static bool once = false;
 
 	if (!gl.modules) {
-		gl.modules = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal,
-		                           NULL, free_module_unlocked);
+		gl.modules = p11_dict_new (p11_dict_direct_hash,
+		                           p11_dict_direct_equal,
+		                           free_module_unlocked, NULL);
 		return_val_if_fail (gl.modules != NULL, CKR_HOST_MEMORY);
 	}
 
+	if (!gl.unmanaged_by_funcs) {
+		gl.unmanaged_by_funcs = p11_dict_new (p11_dict_direct_hash,
+		                                      p11_dict_direct_equal,
+		                                      NULL, NULL);
+		return_val_if_fail (gl.unmanaged_by_funcs != NULL, CKR_HOST_MEMORY);
+	}
+
+	if (!gl.managed_by_closure) {
+		gl.managed_by_closure = p11_dict_new (p11_dict_direct_hash,
+		                                      p11_dict_direct_equal,
+		                                      NULL, NULL);
+		return_val_if_fail (gl.managed_by_closure != NULL, CKR_HOST_MEMORY);
+	}
+
 	if (once)
 		return CKR_OK;
 
@@ -624,19 +680,26 @@ free_modules_when_no_refs_unlocked (void)
 
 	/* Check if any modules have a ref count */
 	p11_dict_iterate (gl.modules, &iter);
-	while (p11_dict_next (&iter, NULL, (void **)&mod)) {
+	while (p11_dict_next (&iter, (void **)&mod, NULL)) {
 		if (mod->ref_count)
 			return;
 	}
 
+	p11_dict_free (gl.unmanaged_by_funcs);
+	gl.unmanaged_by_funcs = NULL;
+
+	p11_dict_free (gl.managed_by_closure);
+	gl.managed_by_closure = NULL;
+
 	p11_dict_free (gl.modules);
 	gl.modules = NULL;
+
 	p11_dict_free (gl.config);
 	gl.config = NULL;
 }
 
 static CK_RV
-finalize_module_unlocked_reentrant (Module *mod)
+finalize_module_inlock_reentrant (Module *mod)
 {
 	assert (mod);
 
@@ -647,7 +710,7 @@ finalize_module_unlocked_reentrant (Module *mod)
 	if (mod->ref_count == 0)
 		return CKR_ARGUMENTS_BAD;
 
-	if (--mod->ref_count > 0)
+	if (--mod->init_count > 0)
 		return CKR_OK;
 
 	/*
@@ -655,78 +718,58 @@ finalize_module_unlocked_reentrant (Module *mod)
 	 * the ref count. This prevents module from being freed out
 	 * from ounder us.
 	 */
-	++mod->ref_count;
 
-	p11_mutex_lock (&mod->initialize_mutex);
 	p11_unlock ();
+	p11_mutex_lock (&mod->initialize_mutex);
 
 	if (mod->initialize_called) {
-
-		assert (mod->funcs);
-		mod->funcs->C_Finalize (NULL);
-
+		mod->virt.funcs.C_Finalize (&mod->virt.funcs, NULL);
 		mod->initialize_called = false;
 	}
 
 	p11_mutex_unlock (&mod->initialize_mutex);
 	p11_lock ();
 
-	/* Match the increment above */
-	--mod->ref_count;
+	/* Match the ref increment in initialize_module_inlock_reentrant() */
+	mod->ref_count--;
 
 	free_modules_when_no_refs_unlocked ();
 	return CKR_OK;
 }
 
-static Module*
-find_module_for_name_unlocked (const char *name)
+static CK_RV
+initialize_registered_inlock_reentrant (void)
 {
-	Module *mod;
 	p11_dictiter iter;
-
-	assert (name);
-
-	p11_dict_iterate (gl.modules, &iter);
-	while (p11_dict_next (&iter, NULL, (void **)&mod))
-		if (mod->ref_count && mod->name && strcmp (name, mod->name) == 0)
-			return mod;
-	return NULL;
-}
-
-CK_RV
-_p11_kit_initialize_registered_unlocked_reentrant (void)
-{
 	Module *mod;
-	p11_dictiter iter;
-	int critical;
 	CK_RV rv;
 
+	/*
+	 * This is only called by deprecated code. The caller expects all
+	 * configured and enabled modules to be initialized.
+	 */
+
 	rv = init_globals_unlocked ();
 	if (rv != CKR_OK)
 		return rv;
 
 	rv = load_registered_modules_unlocked ();
 	if (rv == CKR_OK) {
-		p11_dict_iterate (gl.modules, &iter);
-		while (p11_dict_next (&iter, NULL, (void **)&mod)) {
+		p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
+		while (rv == CKR_OK && p11_dict_next (&iter, NULL, (void **)&mod)) {
 
-			/* Skip all modules that aren't registered */
+			/* Skip all modules that aren't registered or enabled */
 			if (mod->name == NULL || !is_module_enabled_unlocked (mod->name, mod->config))
 				continue;
 
-			rv = initialize_module_unlocked_reentrant (mod);
-
-			/*
-			 * Module failed to initialize. If this is a critical module,
-			 * then this, should abort loading of others.
-			 */
+			rv = initialize_module_inlock_reentrant (mod);
 			if (rv != CKR_OK) {
-				p11_message ("failed to initialize module: %s: %s",
-				             mod->name, p11_kit_strerror (rv));
-
-				critical = _p11_conf_parse_boolean (p11_dict_get (mod->config, "critical"), false);
-				if (!critical) {
-					p11_debug ("ignoring failure, non-critical module: %s", mod->name);
+				if (mod->critical) {
+					p11_message ("initialization of critical module '%s' failed: %s",
+					             mod->name, p11_kit_strerror (rv));
+				} else {
+					p11_message ("skipping module '%s' whose initialization failed: %s",
+					             mod->name, p11_kit_strerror (rv));
 					rv = CKR_OK;
 				}
 			}
@@ -736,6 +779,27 @@ _p11_kit_initialize_registered_unlocked_reentrant (void)
 	return rv;
 }
 
+static Module *
+module_for_functions_inlock (CK_FUNCTION_LIST *funcs)
+{
+	if (p11_virtual_is_wrapper (funcs))
+		return p11_dict_get (gl.managed_by_closure, funcs);
+	else
+		return p11_dict_get (gl.unmanaged_by_funcs, funcs);
+}
+
+static CK_FUNCTION_LIST *
+unmanaged_for_module_inlock (Module *mod)
+{
+	CK_FUNCTION_LIST *funcs;
+
+	funcs = mod->virt.lower_module;
+	if (p11_dict_get (gl.unmanaged_by_funcs, funcs) == mod)
+		return funcs;
+
+	return NULL;
+}
+
 /**
  * p11_kit_initialize_registered:
  *
@@ -751,6 +815,8 @@ _p11_kit_initialize_registered_unlocked_reentrant (void)
  * If this function fails, then an error message will be available via the
  * p11_kit_message() function.
  *
+ * Deprecated: Since: 0.19.0: Use p11_kit_modules_load() instead.
+ *
  * Returns: CKR_OK if the initialization succeeded, or an error code.
  */
 CK_RV
@@ -768,7 +834,7 @@ p11_kit_initialize_registered (void)
 		p11_message_clear ();
 
 		/* WARNING: Reentrancy can occur here */
-		rv = _p11_kit_initialize_registered_unlocked_reentrant ();
+		rv = initialize_registered_inlock_reentrant ();
 
 		_p11_kit_default_message (rv);
 
@@ -782,29 +848,36 @@ p11_kit_initialize_registered (void)
 	return rv;
 }
 
-CK_RV
-_p11_kit_finalize_registered_unlocked_reentrant (void)
+static CK_RV
+finalize_registered_inlock_reentrant (void)
 {
 	Module *mod;
 	p11_dictiter iter;
 	Module **to_finalize;
 	int i, count;
 
+	/*
+	 * This is only called from deprecated code. The caller expects all
+	 * modules initialized earlier to be finalized (once). If non-critical
+	 * modules failed to initialize, then it is not possible to completely
+	 * guarantee the internal state.
+	 */
+
 	if (!gl.modules)
 		return CKR_CRYPTOKI_NOT_INITIALIZED;
 
 	/* WARNING: This function must be reentrant */
 
-	to_finalize = calloc (p11_dict_size (gl.modules), sizeof (Module *));
+	to_finalize = calloc (p11_dict_size (gl.unmanaged_by_funcs), sizeof (Module *));
 	if (!to_finalize)
 		return CKR_HOST_MEMORY;
 
 	count = 0;
-	p11_dict_iterate (gl.modules, &iter);
+	p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
 	while (p11_dict_next (&iter, NULL, (void **)&mod)) {
 
 		/* Skip all modules that aren't registered */
-		if (mod->name)
+		if (mod->name && mod->init_count)
 			to_finalize[count++] = mod;
 	}
 
@@ -812,7 +885,7 @@ _p11_kit_finalize_registered_unlocked_reentrant (void)
 
 	for (i = 0; i < count; ++i) {
 		/* WARNING: Reentrant calls can occur here */
-		finalize_module_unlocked_reentrant (to_finalize[i]);
+		finalize_module_inlock_reentrant (to_finalize[i]);
 	}
 
 	free (to_finalize);
@@ -837,6 +910,8 @@ _p11_kit_finalize_registered_unlocked_reentrant (void)
  * If this function fails, then an error message will be available via the
  * p11_kit_message() function.
  *
+ * Deprecated: Since 0.19.0: Use p11_kit_modules_release() instead.
+ *
  * Returns: CKR_OK if the finalization succeeded, or an error code.
  */
 
@@ -855,7 +930,7 @@ p11_kit_finalize_registered (void)
 		p11_message_clear ();
 
 		/* WARNING: Reentrant calls can occur here */
-		rv = _p11_kit_finalize_registered_unlocked_reentrant ();
+		rv = finalize_registered_inlock_reentrant ();
 
 		_p11_kit_default_message (rv);
 
@@ -875,8 +950,8 @@ compar_priority (const void *one,
 	const char *v1, *v2;
 	int o1, o2;
 
-	m1 = p11_dict_get (gl.modules, f1);
-	m2 = p11_dict_get (gl.modules, f2);
+	m1 = module_for_functions_inlock (f1);
+	m2 = module_for_functions_inlock (f2);
 	assert (m1 != NULL && m2 != NULL);
 
 	v1 = p11_dict_get (m1->config, "priority");
@@ -910,20 +985,27 @@ sort_modules_by_priority (CK_FUNCTION_LIST_PTR *modules,
 	qsort (modules, count, sizeof (CK_FUNCTION_LIST_PTR), compar_priority);
 }
 
-CK_FUNCTION_LIST_PTR_PTR
-_p11_kit_registered_modules_unlocked (void)
+static CK_FUNCTION_LIST **
+list_registered_modules_inlock (void)
 {
-	CK_FUNCTION_LIST_PTR_PTR result = NULL;
+	CK_FUNCTION_LIST **result = NULL;
+	CK_FUNCTION_LIST *funcs;
 	Module *mod;
 	p11_dictiter iter;
 	int i = 0;
 
-	if (gl.modules) {
-		result = calloc (p11_dict_size (gl.modules) + 1, sizeof (CK_FUNCTION_LIST_PTR));
+	/*
+	 * This is only called by deprecated code. The caller expects to get
+	 * a list of all registered enabled modules that have been initialized.
+	 */
+
+	if (gl.unmanaged_by_funcs) {
+		result = calloc (p11_dict_size (gl.unmanaged_by_funcs) + 1,
+		                 sizeof (CK_FUNCTION_LIST *));
 		return_val_if_fail (result != NULL, NULL);
 
-		p11_dict_iterate (gl.modules, &iter);
-		while (p11_dict_next (&iter, NULL, (void **)&mod)) {
+		p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
+		while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) {
 
 			/*
 			 * We don't include unreferenced modules. We don't include
@@ -936,9 +1018,9 @@ _p11_kit_registered_modules_unlocked (void)
 			 * having initialized. This is a corner case, but want to make
 			 * sure to cover it.
 			 */
-			if (mod->ref_count && mod->name &&
+			if (mod->ref_count && mod->name && mod->init_count &&
 			    is_module_enabled_unlocked (mod->name, mod->config)) {
-				result[i++] = mod->funcs;
+				result[i++] = funcs;
 			}
 		}
 
@@ -957,6 +1039,10 @@ _p11_kit_registered_modules_unlocked (void)
  * The returned value is a NULL terminated array of
  * CK_FUNCTION_LIST_PTR pointers.
  *
+ * The returned modules are unmanaged.
+ *
+ * Deprecated: Since 0.19.0: Use p11_kit_modules_load() instead.
+ *
  * Returns: A list of all the registered modules. Use the free() function to
  * free the list.
  */
@@ -971,7 +1057,7 @@ p11_kit_registered_modules (void)
 
 		p11_message_clear ();
 
-		result = _p11_kit_registered_modules_unlocked ();
+		result = list_registered_modules_inlock ();
 
 	p11_unlock ();
 
@@ -987,6 +1073,8 @@ p11_kit_registered_modules (void)
  * You can use p11_kit_registered_modules() to get a list of all the registered
  * modules. This name is specified by the registered module configuration.
  *
+ * Deprecated: Since 0.19.0: Use p11_kit_module_get_name() instead.
+ *
  * Returns: A newly allocated string containing the module name, or
  *     NULL if no such registered module exists. Use free() to
  *     free this string.
@@ -994,6 +1082,28 @@ p11_kit_registered_modules (void)
 char*
 p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module)
 {
+	return_val_if_fail (module != NULL, NULL);
+	return p11_kit_module_get_name (module);
+}
+
+/**
+ * p11_kit_module_get_name:
+ * @module: pointer to a loaded module
+ *
+ * Get the configured name of the PKCS\#11 module.
+ *
+ * Configured modules are loaded by p11_kit_modules_load(). The module
+ * passed to this function can be either managed or unmanaged. Non
+ * configured modules will return %NULL.
+ *
+ * Use free() to release the return value when you're done with it.
+ *
+ * Returns: a newly allocated string containing the module name, or
+ *     NULL if the module is not a configured module
+ */
+char *
+p11_kit_module_get_name (CK_FUNCTION_LIST *module)
+{
 	Module *mod;
 	char *name = NULL;
 
@@ -1005,9 +1115,11 @@ p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module)
 
 		p11_message_clear ();
 
-		mod = module && gl.modules ? p11_dict_get (gl.modules, module) : NULL;
-		if (mod && mod->name)
-			name = strdup (mod->name);
+		if (gl.modules) {
+			mod = module_for_functions_inlock (module);
+			if (mod && mod->name)
+				name = strdup (mod->name);
+		}
 
 	p11_unlock ();
 
@@ -1015,12 +1127,60 @@ p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module)
 }
 
 /**
+ * p11_kit_module_get_flags:
+ * @module: the module
+ *
+ * Get the flags for this module.
+ *
+ * The %P11_KIT_MODULE_UNMANAGED flag will be set if the module is not
+ * managed by p11-kit. It is a raw PKCS\#11 module function list.
+ *
+ * The %P11_KIT_MODULE_CRITICAL flag will be set if the module is configured
+ * to be critical, and not be skipped over if it fails to initialize or
+ * load. This flag is also set for modules that are not configured, but have
+ * been loaded in another fashion.
+ *
+ * Returns: the flags for the module
+ */
+int
+p11_kit_module_get_flags (CK_FUNCTION_LIST *module)
+{
+	Module *mod;
+	int flags = 0;
+
+	return_val_if_fail (module != NULL, 0);
+
+	p11_library_init_once ();
+
+	p11_lock ();
+
+		p11_message_clear ();
+
+		if (gl.modules) {
+			if (p11_virtual_is_wrapper (module)) {
+				mod = p11_dict_get (gl.managed_by_closure, module);
+			} else {
+				flags |= P11_KIT_MODULE_UNMANAGED;
+				mod = p11_dict_get (gl.unmanaged_by_funcs, module);
+			}
+			if (!mod || mod->critical)
+				flags |= P11_KIT_MODULE_CRITICAL;
+		}
+
+	p11_unlock ();
+
+	return flags;
+}
+
+/**
  * p11_kit_registered_name_to_module:
  * @name: name of a registered module
  *
  * Lookup a registered PKCS\#11 module by its name. This name is specified by
  * the registered module configuration.
  *
+ * Deprecated: Since 0.19.0: Use p11_kit_module_for_name() instead.
+ *
  * Returns: a pointer to a PKCS\#11 module, or NULL if this name was
  *     not found.
  */
@@ -1028,19 +1188,28 @@ CK_FUNCTION_LIST_PTR
 p11_kit_registered_name_to_module (const char *name)
 {
 	CK_FUNCTION_LIST_PTR module = NULL;
+	CK_FUNCTION_LIST_PTR funcs;
+	p11_dictiter iter;
 	Module *mod;
 
 	return_val_if_fail (name != NULL, NULL);
 
 	p11_lock ();
 
-		p11_message_clear ();
+	p11_message_clear ();
 
-		if (gl.modules) {
-			mod = find_module_for_name_unlocked (name);
-			if (mod != NULL && is_module_enabled_unlocked (name, mod->config))
-				module = mod->funcs;
+	if (gl.modules) {
+
+		assert (name);
+
+		p11_dict_iterate (gl.unmanaged_by_funcs, &iter);
+		while (p11_dict_next (&iter, (void **)&funcs, (void **)&mod)) {
+			if (mod->ref_count && mod->name && strcmp (name, mod->name) == 0) {
+				module = funcs;
+				break;
+			}
 		}
+	}
 
 	p11_unlock ();
 
@@ -1048,6 +1217,70 @@ p11_kit_registered_name_to_module (const char *name)
 }
 
 /**
+ * p11_kit_module_for_name:
+ * @modules: a list of modules to look through
+ * @name: the name of the module to find
+ *
+ * Look through the list of @modules and return the module whose @name
+ * matches.
+ *
+ * Only configured modules have names. Configured modules are loaded by
+ * p11_kit_modules_load(). The module passed to this function can be either
+ * managed or unmanaged.
+ *
+ * The return value is not copied or duplicated in anyway. It is still
+ * 'owned' by the @modules list.
+ *
+ * Returns: the module which matches the name, or %NULL if no match.
+ */
+CK_FUNCTION_LIST *
+p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
+                         const char *name)
+{
+	CK_FUNCTION_LIST *ret = NULL;
+	Module *mod;
+	int i;
+
+	return_val_if_fail (name != NULL, NULL);
+
+	if (!modules)
+		return NULL;
+
+	p11_library_init_once ();
+
+	p11_lock ();
+
+		p11_message_clear ();
+
+		for (i = 0; gl.modules && modules[i] != NULL; i++) {
+			mod = module_for_functions_inlock (modules[i]);
+			if (mod && mod->name && strcmp (mod->name, name) == 0) {
+				ret = modules[i];
+				break;
+			}
+		}
+
+	p11_unlock ();
+
+	return ret;
+}
+
+static const char *
+module_get_option_inlock (Module *mod,
+                          const char *option)
+{
+	p11_dict *config;
+
+	if (mod == NULL)
+		config = gl.config;
+	else
+		config = mod->config;
+	if (config == NULL)
+		return NULL;
+	return p11_dict_get (config, option);
+}
+
+/**
  * p11_kit_registered_option:
  * @module: a pointer to a registered module
  * @field: the name of the option to lookup.
@@ -1056,6 +1289,8 @@ p11_kit_registered_name_to_module (const char *name)
  * NULL module argument is specified, then this will lookup
  * the configuration option in the global config file.
  *
+ * Deprecated: Since 0.19.0: Use p11_kit_config_option() instead.
+ *
  * Returns: A newly allocated string containing the option value, or
  *     NULL if the registered module or the option were not found.
  *     Use free() to free the returned string.
@@ -1065,7 +1300,7 @@ p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field)
 {
 	Module *mod = NULL;
 	char *option = NULL;
-	p11_dict *config = NULL;
+	const char *value;
 
 	return_val_if_fail (field != NULL, NULL);
 
@@ -1075,20 +1310,14 @@ p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field)
 
 		p11_message_clear ();
 
-		if (module == NULL) {
-			config = gl.config;
+		if (module == NULL)
+			mod = NULL;
+		else
+			mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL;
 
-		} else {
-			mod = gl.modules ? p11_dict_get (gl.modules, module) : NULL;
-			if (mod)
-				config = mod->config;
-		}
-
-		if (config && field) {
-			option = p11_dict_get (config, field);
-			if (option)
-				option = strdup (option);
-		}
+		value = module_get_option_inlock (mod, field);
+		if (value)
+			option = strdup (value);
 
 	p11_unlock ();
 
@@ -1096,41 +1325,850 @@ p11_kit_registered_option (CK_FUNCTION_LIST_PTR module, const char *field)
 }
 
 /**
- * p11_kit_initialize_module:
- * @module: loaded module to initialize.
- *
- * Initialize an arbitrary PKCS\#11 module. Normally using the
- * p11_kit_initialize_registered() is preferred.
- *
- * Using this function to initialize modules allows coordination between
- * multiple users of the same module in a single process. It should be called
- * on modules that have been loaded (with dlopen() for example) but not yet
- * initialized. The caller should not yet have called the module's
- * C_Initialize method. This function will call
- * C_Initialize as necessary.
- *
- * Subsequent calls to this function for the same module will result in an
- * initialization count being incremented for the module. It is safe (although
- * usually unnecessary) to use this function on registered modules.
+ * p11_kit_config_option:
+ * @module: the module to retrieve the option for, or %NULL for global options
+ * @option: the option to retrieve
  *
- * The module must be finalized with p11_kit_finalize_module() instead of
- * calling its C_Finalize method directly.
+ * Retrieve the value for a configured option.
  *
- * This function does not accept a CK_C_INITIALIZE_ARGS argument.
- * Custom initialization arguments cannot be supported when multiple consumers
- * load the same module.
+ * If @module is %NULL, then the global option with the given name will
+ * be retrieved. Otherwise @module should point to a configured loaded module.
+ * If no such @option or configured @module exists, then %NULL will be returned.
  *
- * If this function fails, then an error message will be available via the
- * p11_kit_message() function.
+ * Use free() to release the returned value.
  *
- * Returns: CKR_OK if the initialization was successful.
+ * Returns: the option value or %NULL
+ */
+char *
+p11_kit_config_option (CK_FUNCTION_LIST *module,
+                       const char *option)
+{
+	Module *mod = NULL;
+	const char *value = NULL;
+	char *ret = NULL;
+
+	return_val_if_fail (option != NULL, NULL);
+
+	p11_library_init_once ();
+
+	p11_lock ();
+
+		p11_message_clear ();
+
+		if (gl.modules) {
+			if (module != NULL) {
+				mod = module_for_functions_inlock (module);
+				if (mod == NULL)
+					goto cleanup;
+			}
+
+			value = module_get_option_inlock (mod, option);
+			if (value)
+				ret = strdup (value);
+		}
+
+
+cleanup:
+	p11_unlock ();
+	return ret;
+}
+
+typedef struct {
+	p11_virtual virt;
+	Module *mod;
+	bool initialized;
+	p11_dict *sessions;
+} Managed;
+
+static CK_RV
+managed_C_Initialize (CK_X_FUNCTION_LIST *self,
+                      CK_VOID_PTR init_args)
+{
+	Managed *managed = ((Managed *)self);
+	p11_dict *sessions;
+	CK_RV rv;
+
+	p11_debug ("in");
+	p11_lock ();
+
+	if (managed->initialized) {
+		rv = CKR_CRYPTOKI_ALREADY_INITIALIZED;
+
+	} else {
+		sessions = p11_dict_new (p11_dict_ulongptr_hash,
+		                         p11_dict_ulongptr_equal,
+		                         free, free);
+		if (!sessions)
+			rv = CKR_HOST_MEMORY;
+		else
+			rv = initialize_module_inlock_reentrant (managed->mod);
+		if (rv == CKR_OK) {
+			managed->sessions = sessions;
+			managed->initialized = true;
+		} else {
+			p11_dict_free (sessions);
+		}
+	}
+
+	p11_unlock ();
+	p11_debug ("out: %lu", rv);
+
+	return rv;
+}
+
+static CK_RV
+managed_track_session_inlock (p11_dict *sessions,
+                              CK_SLOT_ID slot_id,
+                              CK_SESSION_HANDLE session)
+{
+	void *key;
+	void *value;
+
+	key = memdup (&session, sizeof (CK_SESSION_HANDLE));
+	return_val_if_fail (key != NULL, CKR_HOST_MEMORY);
+
+	value = memdup (&slot_id, sizeof (CK_SESSION_HANDLE));
+	return_val_if_fail (value != NULL, CKR_HOST_MEMORY);
+
+	if (!p11_dict_set (sessions, key, value))
+		return_val_if_reached (CKR_HOST_MEMORY);
+
+	return CKR_OK;
+}
+
+static void
+managed_untrack_session_inlock (p11_dict *sessions,
+                                CK_SESSION_HANDLE session)
+{
+	p11_dict_remove (sessions, &session);
+}
+
+static CK_SESSION_HANDLE *
+managed_steal_sessions_inlock (p11_dict *sessions,
+                        bool matching_slot_id,
+                        CK_SLOT_ID slot_id,
+                        int *count)
+{
+	CK_SESSION_HANDLE *stolen;
+	CK_SESSION_HANDLE *key;
+	CK_SLOT_ID *value;
+	p11_dictiter iter;
+	int at, i;
+
+	assert (sessions != NULL);
+	assert (count != NULL);
+
+	stolen = calloc (p11_dict_size (sessions), sizeof (CK_SESSION_HANDLE));
+	return_val_if_fail (stolen != NULL, NULL);
+
+	at = 0;
+	p11_dict_iterate (sessions, &iter);
+	while (p11_dict_next (&iter, (void **)&key, (void **)&value)) {
+		if (!matching_slot_id || slot_id == *value)
+			stolen[at++] = *key;
+	}
+
+	/* Removed them all, clear the whole array */
+	if (at == p11_dict_size (sessions)) {
+		p11_dict_clear (sessions);
+
+	/* Only removed some, go through and remove those */
+	} else {
+		for (i = 0; i < at; i++) {
+			if (!p11_dict_remove (sessions, stolen + at))
+				assert_not_reached ();
+		}
+	}
+
+	*count = at;
+	return stolen;
+}
+
+static void
+managed_close_sessions (CK_X_FUNCTION_LIST *funcs,
+                        CK_SESSION_HANDLE *stolen,
+                        int count)
+{
+	CK_RV rv;
+	int i;
+
+	for (i = 0; i < count; i++) {
+		rv = funcs->C_CloseSession (funcs, stolen[i]);
+		if (rv != CKR_OK)
+			p11_message ("couldn't close session: %s", p11_kit_strerror (rv));
+	}
+}
+
+static CK_RV
+managed_C_Finalize (CK_X_FUNCTION_LIST *self,
+                    CK_VOID_PTR reserved)
+{
+	Managed *managed = ((Managed *)self);
+	CK_SESSION_HANDLE *sessions;
+	int count;
+	CK_RV rv;
+
+	p11_debug ("in");
+	p11_lock ();
+
+	if (!managed->initialized) {
+		rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+
+	} else {
+		sessions = managed_steal_sessions_inlock (managed->sessions, false, 0, &count);
+
+		if (sessions && count) {
+			/* WARNING: reentrancy can occur here */
+			p11_unlock ();
+			managed_close_sessions (&managed->mod->virt.funcs, sessions, count);
+			p11_lock ();
+		}
+
+		free (sessions);
+
+		/* WARNING: reentrancy can occur here */
+		rv = finalize_module_inlock_reentrant (managed->mod);
+
+		if (rv == CKR_OK) {
+			managed->initialized = false;
+			p11_dict_free (managed->sessions);
+			managed->sessions = NULL;
+		}
+	}
+
+	p11_unlock ();
+	p11_debug ("out: %lu", rv);
+
+	return rv;
+}
+
+static CK_RV
+managed_C_OpenSession (CK_X_FUNCTION_LIST *self,
+                       CK_SLOT_ID slot_id,
+                       CK_FLAGS flags,
+                       CK_VOID_PTR application,
+                       CK_NOTIFY notify,
+                       CK_SESSION_HANDLE_PTR session)
+{
+	Managed *managed = ((Managed *)self);
+	CK_RV rv;
+
+	return_val_if_fail (session != NULL, CKR_ARGUMENTS_BAD);
+
+	self = &managed->mod->virt.funcs;
+	rv = self->C_OpenSession (self, slot_id, flags, application, notify, session);
+
+	if (rv == CKR_OK) {
+		p11_lock ();
+		rv = managed_track_session_inlock (managed->sessions, slot_id, *session);
+		p11_unlock ();
+	}
+
+	return rv;
+}
+
+static CK_RV
+managed_C_CloseSession (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE session)
+{
+	Managed *managed = ((Managed *)self);
+	CK_RV rv;
+
+	self = &managed->mod->virt.funcs;
+	rv = self->C_CloseSession (self, session);
+
+	if (rv == CKR_OK) {
+		p11_lock ();
+		managed_untrack_session_inlock (managed->sessions, session);
+		p11_unlock ();
+	}
+
+	return rv;
+}
+
+static CK_RV
+managed_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+                            CK_SLOT_ID slot_id)
+{
+	Managed *managed = ((Managed *)self);
+	CK_SESSION_HANDLE *stolen;
+	int count;
+
+	p11_lock ();
+	stolen = managed_steal_sessions_inlock (managed->sessions, true, slot_id, &count);
+	p11_unlock ();
+
+	self = &managed->mod->virt.funcs;
+	managed_close_sessions (self, stolen, count);
+	free (stolen);
+
+	return stolen ? CKR_OK : CKR_GENERAL_ERROR;
+}
+
+static void
+managed_free_inlock (void *data)
+{
+	Managed *managed = data;
+	managed->mod->ref_count--;
+	free (managed);
+}
+
+static p11_virtual *
+managed_create_inlock (Module *mod)
+{
+	Managed *managed;
+
+	managed = calloc (1, sizeof (Managed));
+	return_val_if_fail (managed != NULL, NULL);
+
+	p11_virtual_init (&managed->virt, &p11_virtual_stack,
+	                  &mod->virt, NULL);
+	managed->virt.funcs.C_Initialize = managed_C_Initialize;
+	managed->virt.funcs.C_Finalize = managed_C_Finalize;
+	managed->virt.funcs.C_CloseAllSessions = managed_C_CloseAllSessions;
+	managed->virt.funcs.C_CloseSession = managed_C_CloseSession;
+	managed->virt.funcs.C_OpenSession = managed_C_OpenSession;
+	managed->mod = mod;
+	mod->ref_count++;
+
+	return &managed->virt;
+}
+
+static bool
+lookup_managed_option (Module *mod,
+                       bool supported,
+                       const char *option,
+                       bool def_value)
+{
+	const char *string;
+	bool value;
+
+	string = module_get_option_inlock (NULL, option);
+	if (!string)
+		string = module_get_option_inlock (mod, option);
+	if (!string) {
+		if (!supported)
+			return false;
+		return def_value;
+	}
+
+	value = _p11_conf_parse_boolean (string, def_value);
+
+	if (!supported && value != supported) {
+		if (!p11_virtual_can_wrap ()) {
+			/*
+			 * This is because libffi dependency was not built. The libffi dependency
+			 * is highly recommended and building without it results in a large loss
+			 * of functionality.
+			 */
+			p11_message ("the '%s' option for module '%s' is not supported on this system",
+			             option, mod->name);
+		} else {
+			/*
+			 * This is because the module is running in unmanaged mode, so turn off the
+			 */
+			p11_message ("the '%s' option for module '%s' is only supported for managed modules",
+			             option, mod->name);
+		}
+		return false;
+	}
+
+	return value;
+}
+
+static CK_RV
+release_module_inlock_rentrant (CK_FUNCTION_LIST *module,
+                                const char *caller_func)
+{
+	Module *mod;
+
+	assert (module != NULL);
+
+	/* See if a managed module, and finalize if so */
+	if (p11_virtual_is_wrapper (module)) {
+		mod = p11_dict_get (gl.managed_by_closure, module);
+		if (mod != NULL) {
+			if (!p11_dict_remove (gl.managed_by_closure, module))
+				assert_not_reached ();
+			p11_virtual_unwrap (module);
+		}
+
+	/* If an unmanaged module then caller should have finalized */
+	} else {
+		mod = p11_dict_get (gl.unmanaged_by_funcs, module);
+	}
+
+	if (mod == NULL) {
+		p11_debug_precond ("invalid module pointer passed to %s", caller_func);
+		return CKR_ARGUMENTS_BAD;
+	}
+
+	/* Matches the ref in prepare_module_inlock_reentrant() */
+	mod->ref_count--;
+	return CKR_OK;
+}
+
+CK_RV
+p11_modules_release_inlock_reentrant (CK_FUNCTION_LIST **modules)
+{
+	CK_RV ret = CKR_OK;
+	CK_RV rv;
+	int i;
+
+	for (i = 0; modules[i] != NULL; i++) {
+		rv = release_module_inlock_rentrant (modules[i], __PRETTY_FUNCTION__);
+		if (rv != CKR_OK)
+			ret = rv;
+	}
+
+	free (modules);
+
+	/* In case nothing loaded, free up internal memory */
+	free_modules_when_no_refs_unlocked ();
+
+	return ret;
+}
+
+static CK_RV
+prepare_module_inlock_reentrant (Module *mod,
+                                 int flags,
+                                 CK_FUNCTION_LIST **module)
+{
+	p11_destroyer destroyer;
+	p11_virtual *virt;
+	bool is_managed;
+	bool with_log;
+
+	assert (module != NULL);
+
+	if (flags & P11_KIT_MODULE_UNMANAGED) {
+		is_managed = false;
+		with_log = false;
+	} else {
+		is_managed = lookup_managed_option (mod, p11_virtual_can_wrap (), "managed", true);
+		with_log = lookup_managed_option (mod, is_managed, "log-calls", false);
+	}
+
+	if (is_managed) {
+		virt = managed_create_inlock (mod);
+		return_val_if_fail (virt != NULL, CKR_HOST_MEMORY);
+		destroyer = managed_free_inlock;
+
+		/* Add the logger if configured */
+		if (p11_log_force || with_log) {
+			virt = p11_log_subclass (virt, destroyer);
+			destroyer = p11_log_release;
+		}
+
+		*module = p11_virtual_wrap (virt, destroyer);
+		return_val_if_fail (*module != NULL, CKR_GENERAL_ERROR);
+
+		if (!p11_dict_set (gl.managed_by_closure, *module, mod))
+			return_val_if_reached (CKR_HOST_MEMORY);
+
+	} else {
+		*module = unmanaged_for_module_inlock (mod);
+		if (*module == NULL)
+			return CKR_FUNCTION_NOT_SUPPORTED;
+	}
+
+	/* Matches the deref in release_module_inlock_rentrant() */
+	mod->ref_count++;
+	return CKR_OK;
+}
+
+CK_RV
+p11_modules_load_inlock_reentrant (int flags,
+                                   CK_FUNCTION_LIST ***results)
+{
+	CK_FUNCTION_LIST **modules;
+	Module *mod;
+	p11_dictiter iter;
+	CK_RV rv;
+	int at;
+
+	rv = init_globals_unlocked ();
+	if (rv != CKR_OK)
+		return rv;
+
+	rv = load_registered_modules_unlocked ();
+	if (rv != CKR_OK)
+		return rv;
+
+	modules = calloc (p11_dict_size (gl.modules) + 1, sizeof (CK_FUNCTION_LIST *));
+	return_val_if_fail (modules != NULL, CKR_HOST_MEMORY);
+
+	at = 0;
+	rv = CKR_OK;
+
+	p11_dict_iterate (gl.modules, &iter);
+	while (p11_dict_next (&iter, NULL, (void **)&mod)) {
+
+		/*
+		 * We don't include unreferenced modules. We don't include
+		 * modules that have been initialized but aren't in the
+		 * registry. These have a NULL name.
+		 *
+		 * In addition we check again that the module isn't disabled
+		 * using enable-in or disable-in. This is because a caller
+		 * can change the progname we recognize the process as after
+		 * having initialized. This is a corner case, but want to make
+		 * sure to cover it.
+		 */
+		if (!mod->name || !is_module_enabled_unlocked (mod->name, mod->config))
+			continue;
+
+		rv = prepare_module_inlock_reentrant (mod, flags, modules + at);
+		if (rv == CKR_OK)
+			at++;
+		else if (rv != CKR_FUNCTION_NOT_SUPPORTED)
+			break;
+	}
+
+	modules[at] = NULL;
+
+	if (rv != CKR_OK) {
+		p11_modules_release_inlock_reentrant (modules);
+		return rv;
+	}
+
+	sort_modules_by_priority (modules, at);
+	*results = modules;
+	return CKR_OK;
+}
+
+/**
+ * p11_kit_modules_load:
+ * @reserved: set to %NULL
+ * @flags: flags to use to load the module
+ *
+ * Load the configured PKCS\#11 modules.
+ *
+ * If @flags contains the %P11_KIT_MODULE_UNMANAGED flag, then the
+ * modules will be not be loaded in 'managed' mode regardless of its
+ * configuration. This is not recommended for general usage.
+ *
+ * If @flags contains the %P11_KIT_MODULE_CRITICAL flag then the
+ * modules will all be treated as 'critical', regardless of the module
+ * configuration. This means that a failure to load any module will
+ * cause this funtion to fail.
+ *
+ * For unmanaged modules there is no guarantee to the state of the
+ * modules. Other callers may be using the modules. Using unmanaged
+ * modules haphazardly is not recommended for this reason. Some
+ * modules (such as those configured with RPC) cannot be loaded in
+ * unmanaged mode, and will be skipped.
+ *
+ * Use p11_kit_modules_release() to release the modules returned by
+ * this function.
+ *
+ * If this function fails, then an error message will be available via the
+ * p11_kit_message() function.
+ *
+ * Returns: a null terminated list of modules represented as PKCS\#11
+ *     function lists, or %NULL on failure
+ */
+CK_FUNCTION_LIST **
+p11_kit_modules_load (const char *reserved,
+                      int flags)
+{
+	CK_FUNCTION_LIST **modules;
+	CK_RV rv;
+
+	/* progname attribute not implemented yet */
+	return_val_if_fail (reserved == NULL, NULL);
+
+	p11_library_init_once ();
+
+	/* WARNING: This function must be reentrant */
+	p11_debug ("in");
+
+	p11_lock ();
+
+		p11_message_clear ();
+
+		/* WARNING: Reentrancy can occur here */
+		rv = p11_modules_load_inlock_reentrant (flags, &modules);
+
+	p11_unlock ();
+
+	if (rv != CKR_OK)
+		modules = NULL;
+
+	p11_debug ("out: %s", modules ? "success" : "fail");
+	return modules;
+}
+
+/**
+ * p11_kit_modules_initialize:
+ * @modules: a %NULL terminated list of modules
+ * @failure_callback: called with modules that fail to initialize
+ *
+ * Initialize all the modules in the @modules list by calling their
+ * C_Initialize function.
+ *
+ * For managed modules the C_Initialize function
+ * is overridden so that multiple callers can initialize the same
+ * modules. In addition for managed modules multiple callers can
+ * initialize from different threads, and still guarantee consistent
+ * thread-safe behavior.
+ *
+ * For unmanaged modules if multiple callers try to initialize
+ * a module, then one of the calls will return
+ * CKR_CRYPTOKI_ALREADY_INITIALIZED according to the
+ * PKCS\#11 specification. In addition there are no guarantees that
+ * thread-safe behavior will occur if multiple callers initialize from
+ * different threads.
+ *
+ * When a module fails to initialize it is removed from the @modules list.
+ * If the @failure_callback is not %NULL then it is called with the modules that
+ * fail to initialize. For example, you may pass p11_kit_module_release()
+ * as a @failure_callback if the @modules list was loaded wit p11_kit_modules_load().
+ *
+ * The return value will return the failure code of the last critical
+ * module that failed to initialize. Non-critical module failures do not affect
+ * the return value. If no critical modules failed to initialize then the
+ * return value will be CKR_OK.
+ *
+ * When modules are removed, the list will be %NULL terminated at the
+ * appropriate place so it can continue to be used as a modules list.
+ *
+ * This function does not accept a CK_C_INITIALIZE_ARGS argument.
+ * Custom initialization arguments cannot be supported when multiple consumers
+ * load the same module.
+ *
+ * Returns: CKR_OK or the failure code of the last critical
+ * 	module that failed to initialize.
+ */
+CK_RV
+p11_kit_modules_initialize (CK_FUNCTION_LIST **modules,
+                            p11_kit_destroyer failure_callback)
+{
+	CK_RV ret = CKR_OK;
+	CK_RV rv;
+	bool critical;
+	char *name;
+	int i, out;
+
+	return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD);
+
+	for (i = 0, out = 0; modules[i] != NULL; i++, out++) {
+		rv = modules[i]->C_Initialize (NULL);
+		if (rv != CKR_OK) {
+			name = p11_kit_module_get_name (modules[i]);
+			if (name == NULL)
+				name = strdup ("(unknown)");
+			return_val_if_fail (name != NULL, CKR_HOST_MEMORY);
+			critical = (p11_kit_module_get_flags (modules[i]) & P11_KIT_MODULE_CRITICAL);
+			p11_message ("%s: module failed to initialize%s: %s",
+			             name, critical ? "" : ", skipping", p11_kit_strerror (rv));
+			if (critical)
+				ret = rv;
+			if (failure_callback)
+				failure_callback (modules[i]);
+			out--;
+			free (name);
+		}
+	}
+
+	/* NULL terminate after above changes */
+	modules[out] = NULL;
+	return ret;
+}
+
+/**
+ * p11_kit_modules_load_and_initialize:
+ * @flags: flags to use to load the modules
+ *
+ * Load and initialize configured modules.
+ *
+ * If a critical module fails to load or initialize then the function will
+ * return NULL. Non-critical modules will be skipped
+ * and not included in the returned module list.
+ *
+ * Use p11_kit_modules_finalize_and_release() when you're done with the
+ * modules returned by this function.
+ *
+ * Returns: a NULL terminated list of modules, or
+ * 	NULL on failure
+ */
+CK_FUNCTION_LIST **
+p11_kit_modules_load_and_initialize (int flags)
+{
+	CK_FUNCTION_LIST **modules;
+	CK_RV rv;
+
+	modules = p11_kit_modules_load (NULL, flags);
+	if (modules == NULL)
+		return NULL;
+
+	rv = p11_kit_modules_initialize (modules, (p11_destroyer)p11_kit_module_release);
+	if (rv != CKR_OK) {
+		p11_kit_modules_release (modules);
+		modules = NULL;
+	}
+
+	return modules;
+}
+
+/**
+ * p11_kit_modules_finalize:
+ * @modules: a NULL terminated list of modules
+ *
+ * Finalize each module in the @modules list by calling its
+ * C_Finalize function. Regardless of failures, all
+ * @modules will have their C_Finalize function called.
+ *
+ * If a module returns a failure from its C_Finalize
+ * method it will be returned. If multiple modules fail, the last failure
+ * will be returned.
+ *
+ * For managed modules the C_Finalize function
+ * is overridden so that multiple callers can finalize the same
+ * modules. In addition for managed modules multiple callers can
+ * finalize from different threads, and still guarantee consistent
+ * thread-safe behavior.
+ *
+ * For unmanaged modules if multiple callers try to finalize
+ * a module, then one of the calls will return
+ * CKR_CRYPTOKI_NOT_INITIALIZED according to the
+ * PKCS\#11 specification. In addition there are no guarantees that
+ * thread-safe behavior will occur if multiple callers finalize from
+ * different threads.
+ *
+ * Returns: CKR_OK or the failure code of the last
+ * 	module that failed to finalize
+ */
+CK_RV
+p11_kit_modules_finalize (CK_FUNCTION_LIST **modules)
+{
+	CK_RV ret = CKR_OK;
+	CK_RV rv;
+	char *name;
+	int i;
+
+	return_val_if_fail (modules != NULL, CKR_ARGUMENTS_BAD);
+
+	for (i = 0; modules[i] != NULL; i++) {
+		rv = modules[i]->C_Finalize (NULL);
+		if (rv != CKR_OK) {
+			name = p11_kit_module_get_name (modules[i]);
+			p11_message ("%s: module failed to finalize: %s",
+			             name ? name : "(unknown)", p11_kit_strerror (rv));
+			free (name);
+			ret = rv;
+		}
+	}
+
+	return ret;
+}
+
+/**
+ * p11_kit_modules_release:
+ * @modules: the modules to release
+ *
+ * Release the a set of loaded PKCS\#11 modules.
+ *
+ * The modules may be either managed or unmanaged. The array containing
+ * the module pointers is also freed by this function.
+ *
+ * Managed modules will not be actually released until all
+ * callers using them have done so. If the modules were initialized, they
+ * should have been finalized first.
+ */
+void
+p11_kit_modules_release (CK_FUNCTION_LIST **modules)
+{
+	p11_library_init_once ();
+
+	return_if_fail (modules != NULL);
+
+	/* WARNING: This function must be reentrant */
+	p11_debug ("in");
+
+	p11_lock ();
+
+		p11_message_clear ();
+		p11_modules_release_inlock_reentrant (modules);
+
+	p11_unlock ();
+
+	p11_debug ("out");
+}
+
+/**
+ * p11_kit_modules_finalize_and_release:
+ * @modules: the modules to release
+ *
+ * Finalize and then release the a set of loaded PKCS\#11 modules.
+ *
+ * The modules may be either managed or unmanaged. The array containing
+ * the module pointers is also freed by this function.
+ *
+ * Modules are released even if their finalization returns an error code.
+ * Managed modules will not be actually finalized or released until all
+ * callers using them have done so.
+ *
+ * For managed modules the C_Finalize function
+ * is overridden so that multiple callers can finalize the same
+ * modules. In addition for managed modules multiple callers can
+ * finalize from different threads, and still guarantee consistent
+ * thread-safe behavior.
+ *
+ * For unmanaged modules if multiple callers try to finalize
+ * a module, then one of the calls will return
+ * CKR_CRYPTOKI_NOT_INITIALIZED according to the
+ * PKCS\#11 specification. In addition there are no guarantees that
+ * thread-safe behavior will occur if multiple callers initialize from
+ * different threads.
+ */
+void
+p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules)
+{
+	return_if_fail (modules != NULL);
+	p11_kit_modules_finalize (modules);
+	p11_kit_modules_release (modules);
+}
+
+/**
+ * p11_kit_initialize_module:
+ * @module: loaded module to initialize.
+ *
+ * Initialize an arbitrary PKCS\#11 module. Normally using the
+ * p11_kit_initialize_registered() is preferred.
+ *
+ * Using this function to initialize modules allows coordination between
+ * multiple users of the same module in a single process. It should be called
+ * on modules that have been loaded (with dlopen() for example) but not yet
+ * initialized. The caller should not yet have called the module's
+ * C_Initialize method. This function will call
+ * C_Initialize as necessary.
+ *
+ * Subsequent calls to this function for the same module will result in an
+ * initialization count being incremented for the module. It is safe (although
+ * usually unnecessary) to use this function on registered modules.
+ *
+ * The module must be finalized with p11_kit_finalize_module() instead of
+ * calling its C_Finalize method directly.
+ *
+ * This function does not accept a CK_C_INITIALIZE_ARGS argument.
+ * Custom initialization arguments cannot be supported when multiple consumers
+ * load the same module.
+ *
+ * If this function fails, then an error message will be available via the
+ * p11_kit_message() function.
+ *
+ * Deprecated: Since 0.19.0: Use p11_kit_module_initialize() instead.
+ *
+ * Returns: CKR_OK if the initialization was successful.
  */
 CK_RV
 p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module)
 {
-	Module *allocated = NULL;
+	CK_FUNCTION_LIST_PTR result;
 	Module *mod;
-	CK_RV rv = CKR_OK;
+	int flags;
+	CK_RV rv;
 
 	return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
 
@@ -1143,34 +2181,132 @@ p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module)
 
 		p11_message_clear ();
 
-		rv = init_globals_unlocked ();
-		if (rv == CKR_OK) {
+		flags = P11_KIT_MODULE_CRITICAL | P11_KIT_MODULE_UNMANAGED;
+		rv = p11_module_load_inlock_reentrant (module, flags, &result);
 
-			mod = p11_dict_get (gl.modules, module);
-			if (mod == NULL) {
-				p11_debug ("allocating new module");
-				allocated = mod = alloc_module_unlocked ();
-				if (mod == NULL)
-					rv = CKR_HOST_MEMORY;
-				else
-					mod->funcs = module;
-			}
+		/* An unmanaged module should return the same pointer */
+		assert (rv != CKR_OK || result == module);
 
-			/* If this was newly allocated, add it to the list */
-			if (rv == CKR_OK && allocated) {
-				if (p11_dict_set (gl.modules, allocated->funcs, allocated))
-					allocated = NULL;
-				else
-					rv = CKR_HOST_MEMORY;
+		if (rv == CKR_OK) {
+			mod = p11_dict_get (gl.unmanaged_by_funcs, module);
+			assert (mod != NULL);
+			rv = initialize_module_inlock_reentrant (mod);
+			if (rv != CKR_OK) {
+				p11_message ("module initialization failed: %s", p11_kit_strerror (rv));
+				p11_module_release_inlock_reentrant (module);
 			}
+		}
+
+	p11_unlock ();
+
+	p11_debug ("out: %lu", rv);
+	return rv;
+}
+
+CK_RV
+p11_module_load_inlock_reentrant (CK_FUNCTION_LIST *module,
+                                  int flags,
+                                  CK_FUNCTION_LIST **result)
+{
+	Module *allocated = NULL;
+	Module *mod;
+	CK_RV rv = CKR_OK;
+
+	rv = init_globals_unlocked ();
+	if (rv == CKR_OK) {
+
+		mod = p11_dict_get (gl.unmanaged_by_funcs, module);
+		if (mod == NULL) {
+			p11_debug ("allocating new module");
+			allocated = mod = alloc_module_unlocked ();
+			return_val_if_fail (mod != NULL, CKR_HOST_MEMORY);
+			p11_virtual_init (&mod->virt, &p11_virtual_base, module, NULL);
+		}
+
+		/* If this was newly allocated, add it to the list */
+		if (rv == CKR_OK && allocated) {
+			if (!p11_dict_set (gl.modules, allocated, allocated) ||
+			    !p11_dict_set (gl.unmanaged_by_funcs, module, allocated))
+				return_val_if_reached (CKR_HOST_MEMORY);
+			allocated = NULL;
+		}
+
+		if (rv == CKR_OK) {
+			/* WARNING: Reentrancy can occur here */
+			rv = prepare_module_inlock_reentrant (mod, flags, result);
+		}
+
+		free (allocated);
+	}
+
+	/*
+	 * If initialization failed, we may need to cleanup.
+	 * If we added this module above, then this will
+	 * clean things up as expected.
+	 */
+	if (rv != CKR_OK)
+		free_modules_when_no_refs_unlocked ();
+
+	_p11_kit_default_message (rv);
+	return rv;
+}
+
+/**
+ * p11_kit_module_load:
+ * @module_path: full file path of module library
+ * @flags: flags to use when loading the module
+ *
+ * Load an arbitrary PKCS\#11 module from a dynamic library file, and
+ * initialize it. Normally using the p11_kit_modules_load() function
+ * is preferred.
+ *
+ * Using this function to load modules allows coordination between multiple
+ * callers of the same module in a single process. If @flags contains the
+ * %P11_KIT_MODULE_UNMANAGED flag, then the modules will be not be loaded
+ * in 'managed' mode and not be coordinated. This is not recommended
+ * for general usage.
+ *
+ * Subsequent calls to this function for the same module will result in an
+ * initialization count being incremented for the module. It is safe (although
+ * usually unnecessary) to use this function on registered modules.
+ *
+ * The module should be released with p11_kit_module_release().
+ *
+ * If this function fails, then an error message will be available via the
+ * p11_kit_message() function.
+ *
+ * Returns: the loaded module PKCS\#11 functions or %NULL on failure
+ */
+CK_FUNCTION_LIST *
+p11_kit_module_load (const char *module_path,
+                     int flags)
+{
+	CK_FUNCTION_LIST *module = NULL;
+	CK_RV rv;
+	Module *mod;
+
+	return_val_if_fail (module_path != NULL, NULL);
+
+	p11_library_init_once ();
+
+	/* WARNING: This function must be reentrant for the same arguments */
+	p11_debug ("in: %s", module_path);
 
+	p11_lock ();
+
+		p11_message_clear ();
+
+		rv = init_globals_unlocked ();
+		if (rv == CKR_OK) {
+
+			rv = load_module_from_file_inlock (NULL, module_path, &mod);
 			if (rv == CKR_OK) {
 
 				/* WARNING: Reentrancy can occur here */
-				rv = initialize_module_unlocked_reentrant (mod);
+				rv = prepare_module_inlock_reentrant (mod, flags, &module);
+				if (rv != CKR_OK)
+					module = NULL;
 			}
-
-			free (allocated);
 		}
 
 		/*
@@ -1181,12 +2317,11 @@ p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module)
 		if (rv != CKR_OK)
 			free_modules_when_no_refs_unlocked ();
 
-		_p11_kit_default_message (rv);
-
 	p11_unlock ();
 
-	p11_debug ("out: %lu", rv);
-	return rv;
+	p11_debug ("out: %s", module ? "success" : "fail");
+	return module;
+
 }
 
 /**
@@ -1198,7 +2333,7 @@ p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module)
  * p11_kit_finalize_registered() instead of this function.
  *
  * Using this function to finalize modules allows coordination between
- * multiple users of the same module in a single process. The caller should
+ * multiple users of the same module in a single process. The caller should not
  * call the module's C_Finalize method. This function will call
  * C_Finalize as necessary.
  *
@@ -1211,10 +2346,13 @@ p11_kit_initialize_module (CK_FUNCTION_LIST_PTR module)
  * If this function fails, then an error message will be available via the
  * p11_kit_message() function.
  *
+ * Deprecated: Since 0.19.0: Use p11_kit_module_finalize() and
+ * 	p11_kit_module_release() instead.
+ *
  * Returns: CKR_OK if the finalization was successful.
  */
 CK_RV
-p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module)
+p11_kit_finalize_module (CK_FUNCTION_LIST *module)
 {
 	Module *mod;
 	CK_RV rv = CKR_OK;
@@ -1230,13 +2368,13 @@ p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module)
 
 		p11_message_clear ();
 
-		mod = gl.modules ? p11_dict_get (gl.modules, module) : NULL;
+		mod = gl.unmanaged_by_funcs ? p11_dict_get (gl.unmanaged_by_funcs, module) : NULL;
 		if (mod == NULL) {
 			p11_debug ("module not found");
 			rv = CKR_ARGUMENTS_BAD;
 		} else {
 			/* WARNING: Rentrancy can occur here */
-			rv = finalize_module_unlocked_reentrant (mod);
+			rv = finalize_module_inlock_reentrant (mod);
 		}
 
 		_p11_kit_default_message (rv);
@@ -1248,6 +2386,130 @@ p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module)
 }
 
 /**
+ * p11_kit_module_initialize:
+ * @module: the module to initialize
+ *
+ * Initialize a PKCS\#11 module by calling its C_Initialize
+ * function.
+ *
+ * For managed modules the C_Initialize function
+ * is overridden so that multiple callers can initialize the same
+ * modules. In addition for managed modules multiple callers can
+ * initialize from different threads, and still guarantee consistent
+ * thread-safe behavior.
+ *
+ * For unmanaged modules if multiple callers try to initialize
+ * a module, then one of the calls will return
+ * CKR_CRYPTOKI_ALREADY_INITIALIZED according to the
+ * PKCS\#11 specification. In addition there are no guarantees that
+ * thread-safe behavior will occur if multiple callers initialize from
+ * different threads.
+ *
+ * This function does not accept a CK_C_INITIALIZE_ARGS argument.
+ * Custom initialization arguments cannot be supported when multiple consumers
+ * load the same module.
+ *
+ * Returns: CKR_OK or a failure code
+ */
+CK_RV
+p11_kit_module_initialize (CK_FUNCTION_LIST *module)
+{
+	char *name;
+	CK_RV rv;
+
+	return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
+
+	rv = module->C_Initialize (NULL);
+	if (rv != CKR_OK) {
+		name = p11_kit_module_get_name (module);
+		p11_message ("%s: module failed to initialize: %s",
+		             name ? name : "(unknown)", p11_kit_strerror (rv));
+		free (name);
+	}
+
+	return rv;
+}
+
+/**
+ * p11_kit_module_finalize:
+ * @module: the module to finalize
+ *
+ * Finalize a PKCS\#11 module by calling its C_Finalize
+ * function.
+ *
+ * For managed modules the C_Finalize function
+ * is overridden so that multiple callers can finalize the same
+ * modules. In addition for managed modules multiple callers can
+ * finalize from different threads, and still guarantee consistent
+ * thread-safe behavior.
+ *
+ * For unmanaged modules if multiple callers try to finalize
+ * a module, then one of the calls will return
+ * CKR_CRYPTOKI_NOT_INITIALIZED according to the
+ * PKCS\#11 specification. In addition there are no guarantees that
+ * thread-safe behavior will occur if multiple callers finalize from
+ * different threads.
+ *
+ * Returns: CKR_OK or a failure code
+ */
+CK_RV
+p11_kit_module_finalize (CK_FUNCTION_LIST *module)
+{
+	char *name;
+	CK_RV rv;
+
+	return_val_if_fail (module != NULL, CKR_ARGUMENTS_BAD);
+
+	rv = module->C_Finalize (NULL);
+	if (rv != CKR_OK) {
+		name = p11_kit_module_get_name (module);
+		p11_message ("%s: module failed to finalize: %s",
+		             name ? name : "(unknown)", p11_kit_strerror (rv));
+		free (name);
+	}
+
+	return rv;
+
+}
+
+
+/**
+ * p11_kit_module_release:
+ * @module: the module to release
+ *
+ * Release the a loaded PKCS\#11 modules.
+ *
+ * The module may be either managed or unmanaged. The C_Finalize
+ * function will be called if no other callers are using this module.
+ */
+void
+p11_kit_module_release (CK_FUNCTION_LIST *module)
+{
+	return_if_fail (module != NULL);
+
+	p11_library_init_once ();
+
+	/* WARNING: This function must be reentrant for the same arguments */
+	p11_debug ("in");
+
+	p11_lock ();
+
+		p11_message_clear ();
+
+		release_module_inlock_rentrant (module, __PRETTY_FUNCTION__);
+
+	p11_unlock ();
+
+	p11_debug ("out");
+}
+
+CK_RV
+p11_module_release_inlock_reentrant (CK_FUNCTION_LIST *module)
+{
+	return release_module_inlock_rentrant (module, __PRETTY_FUNCTION__);
+}
+
+/**
  * p11_kit_load_initialize_module:
  * @module_path: full file path of module library
  * @module: location to place loaded module pointer
@@ -1278,6 +2540,8 @@ p11_kit_finalize_module (CK_FUNCTION_LIST_PTR module)
  * If this function fails, then an error message will be available via the
  * p11_kit_message() function.
  *
+ * Deprecated: Since 0.19.0: Use p11_kit_module_load() instead.
+ *
  * Returns: CKR_OK if the initialization was successful.
  */
 CK_RV
@@ -1302,16 +2566,18 @@ p11_kit_load_initialize_module (const char *module_path,
 		rv = init_globals_unlocked ();
 		if (rv == CKR_OK) {
 
-			rv = load_module_from_file_unlocked (module_path, &mod);
+			rv = load_module_from_file_inlock (NULL, module_path, &mod);
 			if (rv == CKR_OK) {
 
 				/* WARNING: Reentrancy can occur here */
-				rv = initialize_module_unlocked_reentrant (mod);
+				rv = initialize_module_inlock_reentrant (mod);
 			}
 		}
 
-		if (rv == CKR_OK && module)
-			*module = mod->funcs;
+		if (rv == CKR_OK && module) {
+			*module = unmanaged_for_module_inlock (mod);
+			assert (*module != NULL);
+		}
 
 		/*
 		 * If initialization failed, we may need to cleanup.
diff --git a/p11-kit/modules.h b/p11-kit/modules.h
new file mode 100644
index 0000000..ca8dac3
--- /dev/null
+++ b/p11-kit/modules.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#ifndef __P11_MODULES_H__
+#define __P11_MODULES_H__
+
+#include "pkcs11.h"
+
+CK_RV      p11_modules_load_inlock_reentrant         (int flags,
+                                                      CK_FUNCTION_LIST_PTR **results);
+
+CK_RV      p11_modules_release_inlock_reentrant      (CK_FUNCTION_LIST_PTR *modules);
+
+CK_RV      p11_module_load_inlock_reentrant          (CK_FUNCTION_LIST_PTR module,
+                                                      int flags,
+                                                      CK_FUNCTION_LIST_PTR *result);
+
+CK_RV      p11_module_release_inlock_reentrant       (CK_FUNCTION_LIST_PTR module);
+
+#endif /* __P11_MODULES_H__ */
diff --git a/p11-kit/p11-kit.h b/p11-kit/p11-kit.h
index f83cbd0..a07bf40 100644
--- a/p11-kit/p11-kit.h
+++ b/p11-kit/p11-kit.h
@@ -44,54 +44,75 @@
 #ifdef CRYPTOKI_GNU
 typedef ck_rv_t CK_RV;
 typedef struct ck_function_list* CK_FUNCTION_LIST_PTR;
+typedef struct ck_function_list CK_FUNCTION_LIST;
 #endif
 
+#include "p11-kit/deprecated.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-CK_RV                    p11_kit_initialize_registered     (void);
+enum {
+	P11_KIT_MODULE_UNMANAGED = 1 << 0,
+	P11_KIT_MODULE_CRITICAL = 1 << 1,
+};
 
-CK_RV                    p11_kit_finalize_registered       (void);
+typedef void        (* p11_kit_destroyer)                   (void *data);
 
-CK_FUNCTION_LIST_PTR*    p11_kit_registered_modules        (void);
+CK_FUNCTION_LIST **    p11_kit_modules_load                 (const char *reserved,
+                                                             int flags);
 
-char*                    p11_kit_registered_module_to_name (CK_FUNCTION_LIST_PTR module);
+CK_RV                  p11_kit_modules_initialize           (CK_FUNCTION_LIST **modules,
+                                                             p11_kit_destroyer failure_callback);
 
-CK_FUNCTION_LIST_PTR     p11_kit_registered_name_to_module (const char *name);
+CK_FUNCTION_LIST **    p11_kit_modules_load_and_initialize  (int flags);
 
-char*                    p11_kit_registered_option         (CK_FUNCTION_LIST_PTR module,
-                                                            const char *field);
+CK_RV                  p11_kit_modules_finalize             (CK_FUNCTION_LIST **modules);
 
-CK_RV                    p11_kit_initialize_module         (CK_FUNCTION_LIST_PTR module);
+void                   p11_kit_modules_release              (CK_FUNCTION_LIST **modules);
 
-CK_RV                    p11_kit_finalize_module           (CK_FUNCTION_LIST_PTR module);
+void                   p11_kit_modules_finalize_and_release (CK_FUNCTION_LIST **modules);
 
-CK_RV                    p11_kit_load_initialize_module    (const char *module_path,
-                                                            CK_FUNCTION_LIST_PTR *module);
+CK_FUNCTION_LIST *     p11_kit_module_for_name              (CK_FUNCTION_LIST **modules,
+                                                             const char *name);
 
-const char*              p11_kit_strerror                  (CK_RV rv);
+char *                 p11_kit_module_get_name              (CK_FUNCTION_LIST *module);
 
-size_t                   p11_kit_space_strlen              (const unsigned char *string,
-                                                            size_t max_length);
+int                    p11_kit_module_get_flags             (CK_FUNCTION_LIST *module);
 
-char*                    p11_kit_space_strdup              (const unsigned char *string,
-                                                            size_t max_length);
+CK_FUNCTION_LIST *     p11_kit_module_load                  (const char *module_path,
+                                                             int flags);
 
-#ifdef P11_KIT_FUTURE_UNSTABLE_API
+CK_RV                  p11_kit_module_initialize            (CK_FUNCTION_LIST *module);
+
+CK_RV                  p11_kit_module_finalize              (CK_FUNCTION_LIST *module);
 
-void                     p11_kit_set_progname              (const char *progname);
+void                   p11_kit_module_release               (CK_FUNCTION_LIST *module);
 
-void                     p11_kit_be_quiet                  (void);
+char *                 p11_kit_config_option                (CK_FUNCTION_LIST *module,
+                                                             const char *option);
 
-void                     p11_kit_be_loud                   (void);
+const char*            p11_kit_strerror                     (CK_RV rv);
 
-const char*              p11_kit_message                   (void);
+size_t                 p11_kit_space_strlen                 (const unsigned char *string,
+                                                             size_t max_length);
 
-typedef void          (* p11_kit_destroyer)                (void *data);
+char*                  p11_kit_space_strdup                 (const unsigned char *string,
+                                                             size_t max_length);
+
+#ifdef P11_KIT_FUTURE_UNSTABLE_API
+
+void                   p11_kit_set_progname                 (const char *progname);
+
+void                   p11_kit_be_quiet                     (void);
+
+void                   p11_kit_be_loud                      (void);
 
 #endif
 
+const char *           p11_kit_message                      (void);
+
 #ifdef __cplusplus
 } /* extern "C" */
 #endif
diff --git a/p11-kit/private.h b/p11-kit/private.h
index f862975..0fa221b 100644
--- a/p11-kit/private.h
+++ b/p11-kit/private.h
@@ -38,16 +38,6 @@
 #include "compat.h"
 #include "pkcs11.h"
 
-extern CK_FUNCTION_LIST _p11_proxy_function_list;
-
-CK_FUNCTION_LIST_PTR_PTR   _p11_kit_registered_modules_unlocked (void);
-
-CK_RV       _p11_kit_initialize_registered_unlocked_reentrant   (void);
-
-CK_RV       _p11_kit_finalize_registered_unlocked_reentrant     (void);
-
-void        _p11_kit_proxy_after_fork                           (void);
-
 CK_RV       _p11_load_config_files_unlocked                     (const char *system_conf,
                                                                  const char *user_conf,
                                                                  int *user_mode);
diff --git a/p11-kit/proxy.c b/p11-kit/proxy.c
index 1908d34..36a43a1 100644
--- a/p11-kit/proxy.c
+++ b/p11-kit/proxy.c
@@ -35,15 +35,21 @@
 
 #include "config.h"
 
+#include "compat.h"
 #define P11_DEBUG_FLAG P11_DEBUG_PROXY
+#define CRYPTOKI_EXPORTS
+
 #include "debug.h"
 #include "dict.h"
 #include "library.h"
 #include "message.h"
-#define CRYPTOKI_EXPORTS
+#include "modules.h"
 #include "pkcs11.h"
+#include "pkcs11x.h"
 #include "p11-kit.h"
 #include "private.h"
+#include "proxy.h"
+#include "virtual.h"
 
 #include 
 #include 
@@ -70,17 +76,24 @@ typedef struct _Session {
 	CK_SLOT_ID wrap_slot;
 } Session;
 
-/*
- * Shared data between threads, protected by the mutex, a structure so
- * we can audit thread safety easier.
- */
-static struct _Shared {
+typedef struct {
+	int refs;
 	Mapping *mappings;
 	unsigned int n_mappings;
-	int mappings_refs;
 	p11_dict *sessions;
+	CK_FUNCTION_LIST **modules;
+} Proxy;
+
+typedef struct _State {
+	p11_virtual virt;
+	struct _State *next;
+	CK_FUNCTION_LIST *wrapped;
 	CK_ULONG last_handle;
-} gl = { NULL, 0, 0, NULL, FIRST_HANDLE };
+	Proxy *px;
+} State;
+
+static State *all_instances = NULL;
+static State global = { { { { -1, -1 }, NULL, }, }, NULL, NULL, FIRST_HANDLE, NULL };
 
 #define MANUFACTURER_ID         "PKCS#11 Kit                     "
 #define LIBRARY_DESCRIPTION     "PKCS#11 Kit Proxy Module        "
@@ -92,36 +105,42 @@ static struct _Shared {
  */
 
 static CK_RV
-map_slot_unlocked (CK_SLOT_ID slot, Mapping *mapping)
+map_slot_unlocked (Proxy *px,
+                   CK_SLOT_ID slot,
+                   Mapping *mapping)
 {
-	assert (mapping);
+	assert (px != NULL);
+	assert (mapping != NULL);
 
 	if (slot < MAPPING_OFFSET)
 		return CKR_SLOT_ID_INVALID;
 	slot -= MAPPING_OFFSET;
 
-	if (slot > gl.n_mappings) {
+	if (slot > px->n_mappings) {
 		return CKR_SLOT_ID_INVALID;
 	} else {
-		assert (gl.mappings);
-		memcpy (mapping, &gl.mappings[slot], sizeof (Mapping));
+		assert (px->mappings);
+		memcpy (mapping, &px->mappings[slot], sizeof (Mapping));
 		return CKR_OK;
 	}
 }
 
 static CK_RV
-map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping)
+map_slot_to_real (Proxy *px,
+                  CK_SLOT_ID_PTR slot,
+                  Mapping *mapping)
 {
 	CK_RV rv;
 
-	assert (mapping);
+	assert (px != NULL);
+	assert (mapping != NULL);
 
 	p11_lock ();
 
-		if (!gl.mappings)
+		if (!px)
 			rv = CKR_CRYPTOKI_NOT_INITIALIZED;
 		else
-			rv = map_slot_unlocked (*slot, mapping);
+			rv = map_slot_unlocked (px, *slot, mapping);
 		if (rv == CKR_OK)
 			*slot = mapping->real_slot;
 
@@ -131,24 +150,28 @@ map_slot_to_real (CK_SLOT_ID_PTR slot, Mapping *mapping)
 }
 
 static CK_RV
-map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *session)
+map_session_to_real (Proxy *px,
+                     CK_SESSION_HANDLE_PTR handle,
+                     Mapping *mapping,
+                     Session *session)
 {
 	CK_RV rv = CKR_OK;
 	Session *sess;
 
-	assert (handle);
-	assert (mapping);
+	assert (px != NULL);
+	assert (handle != NULL);
+	assert (mapping != NULL);
 
 	p11_lock ();
 
-		if (!gl.sessions) {
+		if (!px) {
 			rv = CKR_CRYPTOKI_NOT_INITIALIZED;
 		} else {
-			assert (gl.sessions);
-			sess = p11_dict_get (gl.sessions, handle);
+			assert (px->sessions);
+			sess = p11_dict_get (px->sessions, handle);
 			if (sess != NULL) {
 				*handle = sess->real_session;
-				rv = map_slot_unlocked (sess->wrap_slot, mapping);
+				rv = map_slot_unlocked (px, sess->wrap_slot, mapping);
 				if (session != NULL)
 					memcpy (session, sess, sizeof (Session));
 			} else {
@@ -162,45 +185,57 @@ map_session_to_real (CK_SESSION_HANDLE_PTR handle, Mapping *mapping, Session *se
 }
 
 static void
-finalize_mappings_unlocked (void)
+proxy_free (Proxy *py)
 {
-	assert (gl.mappings_refs);
-
-	if (--gl.mappings_refs)
-		return;
-
-	/* No more mappings */
-	free (gl.mappings);
-	gl.mappings = NULL;
-	gl.n_mappings = 0;
-
-	/* no more sessions */
-	p11_dict_free (gl.sessions);
-	gl.sessions = NULL;
+	if (py) {
+		p11_kit_modules_finalize_and_release (py->modules);
+		p11_dict_free (py->sessions);
+		free (py->mappings);
+		free (py);
+	}
 }
 
 void
-_p11_kit_proxy_after_fork (void)
+p11_proxy_after_fork (void)
 {
+	p11_array *array;
+	State *state;
+	unsigned int i;
+
 	/*
 	 * After a fork the callers are supposed to call C_Initialize and all.
 	 * In addition the underlying libraries may change their state so free
 	 * up any mappings and all
 	 */
 
+	array = p11_array_new (NULL);
+
 	p11_lock ();
 
-		gl.mappings_refs = 1;
-		finalize_mappings_unlocked ();
-		assert (!gl.mappings);
+		if (global.px)
+			p11_array_push (array, global.px);
+		global.px = NULL;
+
+		for (state = all_instances; state != NULL; state = state->next) {
+			if (state->px)
+				p11_array_push (array, state->px);
+			state->px = NULL;
+		}
 
 	p11_unlock ();
+
+	for (i = 0; i < array->num; i++)
+		proxy_free (array->elem[i]);
+	p11_array_free (array);
 }
 
 static CK_RV
-proxy_C_Finalize (CK_VOID_PTR reserved)
+proxy_C_Finalize (CK_X_FUNCTION_LIST *self,
+                  CK_VOID_PTR reserved)
 {
-	CK_RV rv;
+	Proxy *py = NULL;
+	State *state = (State *)self;
+	CK_RV rv = CKR_OK;
 
 	p11_debug ("in");
 
@@ -212,17 +247,16 @@ proxy_C_Finalize (CK_VOID_PTR reserved)
 	} else {
 		p11_lock ();
 
-			/* WARNING: Reentrancy can occur here */
-			rv = _p11_kit_finalize_registered_unlocked_reentrant ();
-
-			/*
-			 * If modules are all gone, then this was the last
-			 * finalize, so cleanup our mappings
-			 */
-			if (gl.mappings_refs)
-				finalize_mappings_unlocked ();
+			if (!state->px) {
+				rv = CKR_CRYPTOKI_NOT_INITIALIZED;
+			} else if (state->px->refs-- == 1) {
+				py = state->px;
+				state->px = NULL;
+			}
 
 		p11_unlock ();
+
+		proxy_free (py);
 	}
 
 	p11_debug ("out: %lu", rv);
@@ -230,35 +264,50 @@ proxy_C_Finalize (CK_VOID_PTR reserved)
 }
 
 static CK_RV
-initialize_mappings_unlocked_reentrant (void)
+proxy_create (Proxy **res)
 {
-	CK_FUNCTION_LIST_PTR *funcss, *f;
+	CK_FUNCTION_LIST_PTR *f;
 	CK_FUNCTION_LIST_PTR funcs;
-	Mapping *mappings = NULL;
-	int n_mappings = 0;
 	CK_SLOT_ID_PTR slots;
 	CK_ULONG i, count;
 	CK_RV rv = CKR_OK;
+	Proxy *py;
 
-	assert (!gl.mappings);
+	py = calloc (1, sizeof (Proxy));
+	return_val_if_fail (py != NULL, CKR_HOST_MEMORY);
 
-	funcss = _p11_kit_registered_modules_unlocked ();
-	for (f = funcss; *f; ++f) {
-		funcs = *f;
+	p11_lock ();
 
-		assert (funcs);
-		slots = NULL;
+		/* WARNING: Reentrancy can occur here */
+		rv = p11_modules_load_inlock_reentrant (0, &py->modules);
 
-		p11_unlock ();
+	p11_unlock ();
 
-			/* Ask module for its slots */
-			rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
-			if (rv == CKR_OK && count) {
-				slots = calloc (sizeof (CK_SLOT_ID), count);
-				rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
-			}
+	if (rv != CKR_OK) {
+		proxy_free (py);
+		free (py);
+		return rv;
+	}
 
-		p11_lock ();
+	rv = p11_kit_modules_initialize (py->modules, (p11_destroyer)p11_kit_module_release);
+	if (rv != CKR_OK) {
+		p11_kit_modules_release (py->modules);
+		free (py);
+		return rv;
+	}
+
+	for (f = py->modules; *f; ++f) {
+		funcs = *f;
+
+		assert (funcs != NULL);
+		slots = NULL;
+
+		/* Ask module for its slots */
+		rv = (funcs->C_GetSlotList) (FALSE, NULL, &count);
+		if (rv == CKR_OK && count) {
+			slots = calloc (sizeof (CK_SLOT_ID), count);
+			rv = (funcs->C_GetSlotList) (FALSE, slots, &count);
+		}
 
 		if (rv != CKR_OK) {
 			free (slots);
@@ -267,41 +316,40 @@ initialize_mappings_unlocked_reentrant (void)
 
 		return_val_if_fail (count == 0 || slots != NULL, CKR_GENERAL_ERROR);
 
-		mappings = realloc (mappings, sizeof (Mapping) * (n_mappings + count));
-		return_val_if_fail (mappings != NULL, CKR_HOST_MEMORY);
+		py->mappings = realloc (py->mappings, sizeof (Mapping) * (py->n_mappings + count));
+		return_val_if_fail (py->mappings != NULL, CKR_HOST_MEMORY);
 
 		/* And now add a mapping for each of those slots */
 		for (i = 0; i < count; ++i) {
-			mappings[n_mappings].funcs = funcs;
-			mappings[n_mappings].wrap_slot = n_mappings + MAPPING_OFFSET;
-			mappings[n_mappings].real_slot = slots[i];
-			++n_mappings;
+			py->mappings[py->n_mappings].funcs = funcs;
+			py->mappings[py->n_mappings].wrap_slot = py->n_mappings + MAPPING_OFFSET;
+			py->mappings[py->n_mappings].real_slot = slots[i];
+			++py->n_mappings;
 		}
 
 		free (slots);
 	}
 
-	free (funcss);
-
-	/* Another thread raced us here due to above reentrancy */
-	if (gl.mappings) {
-		free (mappings);
-		return CKR_OK;
+	if (rv != CKR_OK) {
+		proxy_free (py);
+		return rv;
 	}
 
-	assert (!gl.sessions);
-	gl.mappings = mappings;
-	gl.n_mappings = n_mappings;
-	gl.sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
-	++gl.mappings_refs;
+	py->sessions = p11_dict_new (p11_dict_ulongptr_hash, p11_dict_ulongptr_equal, NULL, free);
+	return_val_if_fail (py->sessions != NULL, CKR_HOST_MEMORY);
+	py->refs = 1;
 
-	/* Any cleanup necessary for failure will happen at caller */
-	return rv;
+	*res = py;
+	return CKR_OK;
 }
 
 static CK_RV
-proxy_C_Initialize (CK_VOID_PTR init_args)
+proxy_C_Initialize (CK_X_FUNCTION_LIST *self,
+                    CK_VOID_PTR init_args)
 {
+	State *state = (State *)self;
+	bool initialize = false;
+	Proxy *py;
 	CK_RV rv;
 
 	p11_library_init_once ();
@@ -312,27 +360,43 @@ proxy_C_Initialize (CK_VOID_PTR init_args)
 
 	p11_lock ();
 
-		/* WARNING: Reentrancy can occur here */
-		rv = _p11_kit_initialize_registered_unlocked_reentrant ();
-
-		/* WARNING: Reentrancy can occur here */
-		if (rv == CKR_OK && gl.mappings_refs == 0)
-			rv = initialize_mappings_unlocked_reentrant ();
+		if (state->px == NULL)
+			initialize = true;
+		else
+			state->px->refs++;
 
 	p11_unlock ();
 
-	p11_debug ("here");
+	if (!initialize) {
+		p11_debug ("out: already: %lu", CKR_OK);
+		return CKR_OK;
+	}
 
-	if (rv != CKR_OK)
-		proxy_C_Finalize (NULL);
+	rv = proxy_create (&py);
+	if (rv != CKR_OK) {
+		p11_debug ("out: %lu", rv);
+		return rv;
+	}
 
-	p11_debug ("out: %lu", rv);
+	p11_lock ();
+
+		if (state->px == NULL) {
+			state->px = py;
+			py = NULL;
+		}
+
+	p11_unlock ();
+
+	proxy_free (py);
+	p11_debug ("out: 0");
 	return rv;
 }
 
 static CK_RV
-proxy_C_GetInfo (CK_INFO_PTR info)
+proxy_C_GetInfo (CK_X_FUNCTION_LIST *self,
+                 CK_INFO_PTR info)
 {
+	State *state = (State *)self;
 	CK_RV rv = CKR_OK;
 
 	p11_library_init_once ();
@@ -341,7 +405,7 @@ proxy_C_GetInfo (CK_INFO_PTR info)
 
 	p11_lock ();
 
-		if (!gl.mappings)
+		if (!state->px)
 			rv = CKR_CRYPTOKI_NOT_INITIALIZED;
 
 	p11_unlock ();
@@ -349,6 +413,7 @@ proxy_C_GetInfo (CK_INFO_PTR info)
 	if (rv != CKR_OK)
 		return rv;
 
+	memset (info, 0, sizeof (CK_INFO));
 	info->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
 	info->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
 	info->libraryVersion.major = LIBRARY_VERSION_MAJOR;
@@ -360,19 +425,12 @@ proxy_C_GetInfo (CK_INFO_PTR info)
 }
 
 static CK_RV
-proxy_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
-{
-	/* Can be called before C_Initialize */
-
-	return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD);
-	*list = &_p11_proxy_function_list;
-	return CKR_OK;
-}
-
-static CK_RV
-proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list,
-                       CK_ULONG_PTR count)
+proxy_C_GetSlotList (CK_X_FUNCTION_LIST *self,
+                     CK_BBOOL token_present,
+                     CK_SLOT_ID_PTR slot_list,
+                     CK_ULONG_PTR count)
 {
+	State *state = (State *)self;
 	CK_SLOT_INFO info;
 	Mapping *mapping;
 	CK_ULONG index;
@@ -383,14 +441,14 @@ proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list,
 
 	p11_lock ();
 
-		if (!gl.mappings) {
+		if (!state->px) {
 			rv = CKR_CRYPTOKI_NOT_INITIALIZED;
 		} else {
 			index = 0;
 
 			/* Go through and build up a map */
-			for (i = 0; i < gl.n_mappings; ++i) {
-				mapping = &gl.mappings[i];
+			for (i = 0; i < state->px->n_mappings; ++i) {
+				mapping = &state->px->mappings[i];
 
 				/* Skip ones without a token if requested */
 				if (token_present) {
@@ -420,84 +478,109 @@ proxy_C_GetSlotList (CK_BBOOL token_present, CK_SLOT_ID_PTR slot_list,
 }
 
 static CK_RV
-proxy_C_GetSlotInfo (CK_SLOT_ID id, CK_SLOT_INFO_PTR info)
+proxy_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
+                     CK_SLOT_ID id,
+                     CK_SLOT_INFO_PTR info)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_slot_to_real (&id, &map);
+	rv = map_slot_to_real (state->px, &id, &map);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetSlotInfo) (id, info);
 }
 
 static CK_RV
-proxy_C_GetTokenInfo (CK_SLOT_ID id, CK_TOKEN_INFO_PTR info)
+proxy_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
+                      CK_SLOT_ID id,
+                      CK_TOKEN_INFO_PTR info)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_slot_to_real (&id, &map);
+	rv = map_slot_to_real (state->px, &id, &map);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetTokenInfo) (id, info);
 }
 
 static CK_RV
-proxy_C_GetMechanismList (CK_SLOT_ID id, CK_MECHANISM_TYPE_PTR mechanism_list,
+proxy_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
+                          CK_SLOT_ID id,
+                          CK_MECHANISM_TYPE_PTR mechanism_list,
                           CK_ULONG_PTR count)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_slot_to_real (&id, &map);
+	rv = map_slot_to_real (state->px, &id, &map);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetMechanismList) (id, mechanism_list, count);
 }
 
 static CK_RV
-proxy_C_GetMechanismInfo (CK_SLOT_ID id, CK_MECHANISM_TYPE type,
+proxy_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
+                          CK_SLOT_ID id,
+                          CK_MECHANISM_TYPE type,
                           CK_MECHANISM_INFO_PTR info)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_slot_to_real (&id, &map);
+	rv = map_slot_to_real (state->px, &id, &map);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetMechanismInfo) (id, type, info);
 }
 
 static CK_RV
-proxy_C_InitToken (CK_SLOT_ID id, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len, CK_UTF8CHAR_PTR label)
+proxy_C_InitToken (CK_X_FUNCTION_LIST *self,
+                   CK_SLOT_ID id,
+                   CK_UTF8CHAR_PTR pin,
+                   CK_ULONG pin_len,
+                   CK_UTF8CHAR_PTR label)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_slot_to_real (&id, &map);
+	rv = map_slot_to_real (state->px, &id, &map);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_InitToken) (id, pin, pin_len, label);
 }
 
 static CK_RV
-proxy_C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR slot, CK_VOID_PTR reserved)
+proxy_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
+                          CK_FLAGS flags,
+                          CK_SLOT_ID_PTR slot,
+                          CK_VOID_PTR reserved)
 {
 	return CKR_FUNCTION_NOT_SUPPORTED;
 }
 
 static CK_RV
-proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data,
-                     CK_NOTIFY callback, CK_SESSION_HANDLE_PTR handle)
+proxy_C_OpenSession (CK_X_FUNCTION_LIST *self,
+                     CK_SLOT_ID id,
+                     CK_FLAGS flags,
+                     CK_VOID_PTR user_data,
+                     CK_NOTIFY callback,
+                     CK_SESSION_HANDLE_PTR handle)
 {
+	State *state = (State *)self;
 	Session *sess;
 	Mapping map;
 	CK_RV rv;
 
 	return_val_if_fail (handle != NULL, CKR_ARGUMENTS_BAD);
 
-	rv = map_slot_to_real (&id, &map);
+	rv = map_slot_to_real (state->px, &id, &map);
 	if (rv != CKR_OK)
 		return rv;
 
@@ -506,7 +589,7 @@ proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data,
 	if (rv == CKR_OK) {
 		p11_lock ();
 
-			if (!gl.sessions) {
+			if (!state->px) {
 				/*
 				 * The underlying module should have returned an error, so this
 				 * code should never be reached with properly behaving modules.
@@ -519,8 +602,8 @@ proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data,
 				sess = calloc (1, sizeof (Session));
 				sess->wrap_slot = map.wrap_slot;
 				sess->real_session = *handle;
-				sess->wrap_session = ++gl.last_handle; /* TODO: Handle wrapping, and then collisions */
-				p11_dict_set (gl.sessions, &sess->wrap_session, sess);
+				sess->wrap_session = ++state->last_handle; /* TODO: Handle wrapping, and then collisions */
+				p11_dict_set (state->px->sessions, &sess->wrap_session, sess);
 				*handle = sess->wrap_session;
 			}
 
@@ -531,14 +614,16 @@ proxy_C_OpenSession (CK_SLOT_ID id, CK_FLAGS flags, CK_VOID_PTR user_data,
 }
 
 static CK_RV
-proxy_C_CloseSession (CK_SESSION_HANDLE handle)
+proxy_C_CloseSession (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE handle)
 {
+	State *state = (State *)self;
 	CK_SESSION_HANDLE key;
 	Mapping map;
 	CK_RV rv;
 
 	key = handle;
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	rv = (map.funcs->C_CloseSession) (handle);
@@ -546,8 +631,8 @@ proxy_C_CloseSession (CK_SESSION_HANDLE handle)
 	if (rv == CKR_OK) {
 		p11_lock ();
 
-			if (gl.sessions)
-				p11_dict_remove (gl.sessions, &key);
+			if (state->px)
+				p11_dict_remove (state->px->sessions, &key);
 
 		p11_unlock ();
 	}
@@ -556,8 +641,10 @@ proxy_C_CloseSession (CK_SESSION_HANDLE handle)
 }
 
 static CK_RV
-proxy_C_CloseAllSessions (CK_SLOT_ID id)
+proxy_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+                          CK_SLOT_ID id)
 {
+	State *state = (State *)self;
 	CK_SESSION_HANDLE_PTR to_close;
 	CK_RV rv = CKR_OK;
 	Session *sess;
@@ -566,14 +653,15 @@ proxy_C_CloseAllSessions (CK_SLOT_ID id)
 
 	p11_lock ();
 
-		if (!gl.sessions) {
+		if (!state->px) {
 			rv = CKR_CRYPTOKI_NOT_INITIALIZED;
 		} else {
-			to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (gl.sessions));
+			assert (state->px->sessions != NULL);
+			to_close = calloc (sizeof (CK_SESSION_HANDLE), p11_dict_size (state->px->sessions));
 			if (!to_close) {
 				rv = CKR_HOST_MEMORY;
 			} else {
-				p11_dict_iterate (gl.sessions, &iter);
+				p11_dict_iterate (state->px->sessions, &iter);
 				count = 0;
 				while (p11_dict_next (&iter, NULL, (void**)&sess)) {
 					if (sess->wrap_slot == id && to_close)
@@ -588,46 +676,53 @@ proxy_C_CloseAllSessions (CK_SLOT_ID id)
 		return rv;
 
 	for (i = 0; i < count; ++i)
-		proxy_C_CloseSession (to_close[i]);
+		proxy_C_CloseSession (self, to_close[i]);
 
 	free (to_close);
 	return CKR_OK;
 }
 
 static CK_RV
-proxy_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
+proxy_C_GetFunctionStatus (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetFunctionStatus) (handle);
 }
 
 static CK_RV
-proxy_C_CancelFunction (CK_SESSION_HANDLE handle)
+proxy_C_CancelFunction (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE handle)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_CancelFunction) (handle);
 }
 
 static CK_RV
-proxy_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info)
+proxy_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE handle,
+                        CK_SESSION_INFO_PTR info)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
 	if (info == NULL)
 		return CKR_ARGUMENTS_BAD;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 
@@ -639,12 +734,16 @@ proxy_C_GetSessionInfo (CK_SESSION_HANDLE handle, CK_SESSION_INFO_PTR info)
 }
 
 static CK_RV
-proxy_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
+proxy_C_InitPIN (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE handle,
+                 CK_UTF8CHAR_PTR pin,
+                 CK_ULONG pin_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 
@@ -652,13 +751,18 @@ proxy_C_InitPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR pin, CK_ULONG pin_len
 }
 
 static CK_RV
-proxy_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_pin_len,
-                CK_UTF8CHAR_PTR new_pin, CK_ULONG new_pin_len)
+proxy_C_SetPIN (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE handle,
+                CK_UTF8CHAR_PTR old_pin,
+                CK_ULONG old_pin_len,
+                CK_UTF8CHAR_PTR new_pin,
+                CK_ULONG new_pin_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 
@@ -666,39 +770,51 @@ proxy_C_SetPIN (CK_SESSION_HANDLE handle, CK_UTF8CHAR_PTR old_pin, CK_ULONG old_
 }
 
 static CK_RV
-proxy_C_GetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state, CK_ULONG_PTR operation_state_len)
+proxy_C_GetOperationState (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle,
+                           CK_BYTE_PTR operation_state,
+                           CK_ULONG_PTR operation_state_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetOperationState) (handle, operation_state, operation_state_len);
 }
 
 static CK_RV
-proxy_C_SetOperationState (CK_SESSION_HANDLE handle, CK_BYTE_PTR operation_state,
-                           CK_ULONG operation_state_len, CK_OBJECT_HANDLE encryption_key,
+proxy_C_SetOperationState (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle,
+                           CK_BYTE_PTR operation_state,
+                           CK_ULONG operation_state_len,
+                           CK_OBJECT_HANDLE encryption_key,
                            CK_OBJECT_HANDLE authentication_key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SetOperationState) (handle, operation_state, operation_state_len, encryption_key, authentication_key);
 }
 
 static CK_RV
-proxy_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type,
-               CK_UTF8CHAR_PTR pin, CK_ULONG pin_len)
+proxy_C_Login (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE handle,
+               CK_USER_TYPE user_type,
+               CK_UTF8CHAR_PTR pin,
+               CK_ULONG pin_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 
@@ -706,25 +822,31 @@ proxy_C_Login (CK_SESSION_HANDLE handle, CK_USER_TYPE user_type,
 }
 
 static CK_RV
-proxy_C_Logout (CK_SESSION_HANDLE handle)
+proxy_C_Logout (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE handle)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_Logout) (handle);
 }
 
 static CK_RV
-proxy_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
-                      CK_ULONG count, CK_OBJECT_HANDLE_PTR new_object)
+proxy_C_CreateObject (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE handle,
+                      CK_ATTRIBUTE_PTR template,
+                      CK_ULONG count,
+                      CK_OBJECT_HANDLE_PTR new_object)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 
@@ -732,592 +854,1447 @@ proxy_C_CreateObject (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
 }
 
 static CK_RV
-proxy_C_CopyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
-                    CK_ATTRIBUTE_PTR template, CK_ULONG count,
+proxy_C_CopyObject (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE handle,
+                    CK_OBJECT_HANDLE object,
+                    CK_ATTRIBUTE_PTR template,
+                    CK_ULONG count,
                     CK_OBJECT_HANDLE_PTR new_object)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_CopyObject) (handle, object, template, count, new_object);
 }
 
 static CK_RV
-proxy_C_DestroyObject (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object)
+proxy_C_DestroyObject (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE handle,
+                       CK_OBJECT_HANDLE object)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DestroyObject) (handle, object);
 }
 
 static CK_RV
-proxy_C_GetObjectSize (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
+proxy_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE handle,
+                       CK_OBJECT_HANDLE object,
                        CK_ULONG_PTR size)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetObjectSize) (handle, object, size);
 }
 
 static CK_RV
-proxy_C_GetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
-                           CK_ATTRIBUTE_PTR template, CK_ULONG count)
+proxy_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle,
+                           CK_OBJECT_HANDLE object,
+                           CK_ATTRIBUTE_PTR template,
+                           CK_ULONG count)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GetAttributeValue) (handle, object, template, count);
 }
 
 static CK_RV
-proxy_C_SetAttributeValue (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE object,
-                           CK_ATTRIBUTE_PTR template, CK_ULONG count)
+proxy_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle,
+                           CK_OBJECT_HANDLE object,
+                           CK_ATTRIBUTE_PTR template,
+                           CK_ULONG count)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SetAttributeValue) (handle, object, template, count);
 }
 
 static CK_RV
-proxy_C_FindObjectsInit (CK_SESSION_HANDLE handle, CK_ATTRIBUTE_PTR template,
+proxy_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE handle,
+                         CK_ATTRIBUTE_PTR template,
                          CK_ULONG count)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_FindObjectsInit) (handle, template, count);
 }
 
 static CK_RV
-proxy_C_FindObjects (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE_PTR objects,
-                     CK_ULONG max_count, CK_ULONG_PTR count)
+proxy_C_FindObjects (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_OBJECT_HANDLE_PTR objects,
+                     CK_ULONG max_count,
+                     CK_ULONG_PTR count)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_FindObjects) (handle, objects, max_count, count);
 }
 
 static CK_RV
-proxy_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
+proxy_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE handle)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_FindObjectsFinal) (handle);
 }
 
 static CK_RV
-proxy_C_EncryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+proxy_C_EncryptInit (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_MECHANISM_PTR mechanism,
                      CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_EncryptInit) (handle, mechanism, key);
 }
 
 static CK_RV
-proxy_C_Encrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
-                 CK_BYTE_PTR encrypted_data, CK_ULONG_PTR encrypted_data_len)
+proxy_C_Encrypt (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE handle,
+                 CK_BYTE_PTR input,
+                 CK_ULONG input_len,
+                 CK_BYTE_PTR encrypted_data,
+                 CK_ULONG_PTR encrypted_data_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_Encrypt) (handle, data, data_len, encrypted_data, encrypted_data_len);
+	return (map.funcs->C_Encrypt) (handle, input, input_len, encrypted_data, encrypted_data_len);
 }
 
 static CK_RV
-proxy_C_EncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
-                       CK_ULONG part_len, CK_BYTE_PTR encrypted_part,
+proxy_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR part,
+                       CK_ULONG part_len,
+                       CK_BYTE_PTR encrypted_part,
                        CK_ULONG_PTR encrypted_part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_EncryptUpdate) (handle, part, part_len, encrypted_part, encrypted_part_len);
 }
 
 static CK_RV
-proxy_C_EncryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
+proxy_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR last_part,
                       CK_ULONG_PTR last_part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_EncryptFinal) (handle, last_part, last_part_len);
 }
 
 static CK_RV
-proxy_C_DecryptInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+proxy_C_DecryptInit (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_MECHANISM_PTR mechanism,
                      CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DecryptInit) (handle, mechanism, key);
 }
 
 static CK_RV
-proxy_C_Decrypt (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_data,
-                 CK_ULONG enc_data_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
+proxy_C_Decrypt (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE handle,
+                 CK_BYTE_PTR enc_data,
+                 CK_ULONG enc_data_len,
+                 CK_BYTE_PTR output,
+                 CK_ULONG_PTR output_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, data, data_len);
+	return (map.funcs->C_Decrypt) (handle, enc_data, enc_data_len, output, output_len);
 }
 
 static CK_RV
-proxy_C_DecryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
-                       CK_ULONG enc_part_len, CK_BYTE_PTR part, CK_ULONG_PTR part_len)
+proxy_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR enc_part,
+                       CK_ULONG enc_part_len,
+                       CK_BYTE_PTR part,
+                       CK_ULONG_PTR part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DecryptUpdate) (handle, enc_part, enc_part_len, part, part_len);
 }
 
 static CK_RV
-proxy_C_DecryptFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR last_part,
+proxy_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR last_part,
                       CK_ULONG_PTR last_part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DecryptFinal) (handle, last_part, last_part_len);
 }
 
 static CK_RV
-proxy_C_DigestInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism)
+proxy_C_DigestInit (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE handle,
+                    CK_MECHANISM_PTR mechanism)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DigestInit) (handle, mechanism);
 }
 
 static CK_RV
-proxy_C_Digest (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
-                CK_BYTE_PTR digest, CK_ULONG_PTR digest_len)
+proxy_C_Digest (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE handle,
+                CK_BYTE_PTR input,
+                CK_ULONG input_len,
+                CK_BYTE_PTR digest,
+                CK_ULONG_PTR digest_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_Digest) (handle, data, data_len, digest, digest_len);
+	return (map.funcs->C_Digest) (handle, input, input_len, digest, digest_len);
 }
 
 static CK_RV
-proxy_C_DigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
+proxy_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR part,
+                      CK_ULONG part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DigestUpdate) (handle, part, part_len);
 }
 
 static CK_RV
-proxy_C_DigestKey (CK_SESSION_HANDLE handle, CK_OBJECT_HANDLE key)
+proxy_C_DigestKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE handle,
+                   CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DigestKey) (handle, key);
 }
 
 static CK_RV
-proxy_C_DigestFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR digest,
+proxy_C_DigestFinal (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_BYTE_PTR digest,
                      CK_ULONG_PTR digest_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DigestFinal) (handle, digest, digest_len);
 }
 
 static CK_RV
-proxy_C_SignInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+proxy_C_SignInit (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE handle,
+                  CK_MECHANISM_PTR mechanism,
                   CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SignInit) (handle, mechanism, key);
 }
 
 static CK_RV
-proxy_C_Sign (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
-              CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
+proxy_C_Sign (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE handle,
+              CK_BYTE_PTR input,
+              CK_ULONG input_len,
+              CK_BYTE_PTR signature,
+              CK_ULONG_PTR signature_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_Sign) (handle, data, data_len, signature, signature_len);
+	return (map.funcs->C_Sign) (handle, input, input_len, signature, signature_len);
 }
 
 static CK_RV
-proxy_C_SignUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
+proxy_C_SignUpdate (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE handle,
+                    CK_BYTE_PTR part,
+                    CK_ULONG part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SignUpdate) (handle, part, part_len);
 }
 
 static CK_RV
-proxy_C_SignFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
+proxy_C_SignFinal (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE handle,
+                   CK_BYTE_PTR signature,
                    CK_ULONG_PTR signature_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SignFinal) (handle, signature, signature_len);
 }
 
 static CK_RV
-proxy_C_SignRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+proxy_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE handle,
+                         CK_MECHANISM_PTR mechanism,
                          CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SignRecoverInit) (handle, mechanism, key);
 }
 
 static CK_RV
-proxy_C_SignRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
-                     CK_BYTE_PTR signature, CK_ULONG_PTR signature_len)
+proxy_C_SignRecover (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_BYTE_PTR input,
+                     CK_ULONG input_len,
+                     CK_BYTE_PTR signature,
+                     CK_ULONG_PTR signature_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_SignRecover) (handle, data, data_len, signature, signature_len);
+	return (map.funcs->C_SignRecover) (handle, input, input_len, signature, signature_len);
 }
 
 static CK_RV
-proxy_C_VerifyInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+proxy_C_VerifyInit (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE handle,
+                    CK_MECHANISM_PTR mechanism,
                     CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_VerifyInit) (handle, mechanism, key);
 }
 
 static CK_RV
-proxy_C_Verify (CK_SESSION_HANDLE handle, CK_BYTE_PTR data, CK_ULONG data_len,
-                CK_BYTE_PTR signature, CK_ULONG signature_len)
+proxy_C_Verify (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE handle,
+                CK_BYTE_PTR input,
+                CK_ULONG input_len,
+                CK_BYTE_PTR signature,
+                CK_ULONG signature_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_Verify) (handle, data, data_len, signature, signature_len);
+	return (map.funcs->C_Verify) (handle, input, input_len, signature, signature_len);
 }
 
 static CK_RV
-proxy_C_VerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part, CK_ULONG part_len)
+proxy_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR part,
+                      CK_ULONG part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_VerifyUpdate) (handle, part, part_len);
 }
 
 static CK_RV
-proxy_C_VerifyFinal (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
+proxy_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_BYTE_PTR signature,
                      CK_ULONG signature_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_VerifyFinal) (handle, signature, signature_len);
 }
 
 static CK_RV
-proxy_C_VerifyRecoverInit (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
+proxy_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle,
+                           CK_MECHANISM_PTR mechanism,
                            CK_OBJECT_HANDLE key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_VerifyRecoverInit) (handle, mechanism, key);
 }
 
 static CK_RV
-proxy_C_VerifyRecover (CK_SESSION_HANDLE handle, CK_BYTE_PTR signature,
-                       CK_ULONG signature_len, CK_BYTE_PTR data, CK_ULONG_PTR data_len)
+proxy_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR signature,
+                       CK_ULONG signature_len,
+                       CK_BYTE_PTR output,
+                       CK_ULONG_PTR output_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
-	return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, data, data_len);
+	return (map.funcs->C_VerifyRecover) (handle, signature, signature_len, output, output_len);
 }
 
 static CK_RV
-proxy_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
-                             CK_ULONG part_len, CK_BYTE_PTR enc_part,
+proxy_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                             CK_SESSION_HANDLE handle,
+                             CK_BYTE_PTR part,
+                             CK_ULONG part_len,
+                             CK_BYTE_PTR enc_part,
                              CK_ULONG_PTR enc_part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DigestEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
 }
 
 static CK_RV
-proxy_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
-                             CK_ULONG enc_part_len, CK_BYTE_PTR part,
+proxy_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
+                             CK_SESSION_HANDLE handle,
+                             CK_BYTE_PTR enc_part,
+                             CK_ULONG enc_part_len,
+                             CK_BYTE_PTR part,
                              CK_ULONG_PTR part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DecryptDigestUpdate) (handle, enc_part, enc_part_len, part, part_len);
 }
 
 static CK_RV
-proxy_C_SignEncryptUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR part,
-                           CK_ULONG part_len, CK_BYTE_PTR enc_part,
+proxy_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE handle,
+                           CK_BYTE_PTR part,
+                           CK_ULONG part_len,
+                           CK_BYTE_PTR enc_part,
                            CK_ULONG_PTR enc_part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SignEncryptUpdate) (handle, part, part_len, enc_part, enc_part_len);
 }
 
 static CK_RV
-proxy_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle, CK_BYTE_PTR enc_part,
-                             CK_ULONG enc_part_len, CK_BYTE_PTR part,
+proxy_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
+                             CK_SESSION_HANDLE handle,
+                             CK_BYTE_PTR enc_part,
+                             CK_ULONG enc_part_len,
+                             CK_BYTE_PTR part,
                              CK_ULONG_PTR part_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DecryptVerifyUpdate) (handle, enc_part, enc_part_len, part, part_len);
 }
 
 static CK_RV
-proxy_C_GenerateKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
-                     CK_ATTRIBUTE_PTR template, CK_ULONG count,
+proxy_C_GenerateKey (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE handle,
+                     CK_MECHANISM_PTR mechanism,
+                     CK_ATTRIBUTE_PTR template,
+                     CK_ULONG count,
                      CK_OBJECT_HANDLE_PTR key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GenerateKey) (handle, mechanism, template, count, key);
 }
 
 static CK_RV
-proxy_C_GenerateKeyPair (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
-                         CK_ATTRIBUTE_PTR pub_template, CK_ULONG pub_count,
-                         CK_ATTRIBUTE_PTR priv_template, CK_ULONG priv_count,
-                         CK_OBJECT_HANDLE_PTR pub_key, CK_OBJECT_HANDLE_PTR priv_key)
+proxy_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE handle,
+                         CK_MECHANISM_PTR mechanism,
+                         CK_ATTRIBUTE_PTR pub_template,
+                         CK_ULONG pub_count,
+                         CK_ATTRIBUTE_PTR priv_template,
+                         CK_ULONG priv_count,
+                         CK_OBJECT_HANDLE_PTR pub_key,
+                         CK_OBJECT_HANDLE_PTR priv_key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GenerateKeyPair) (handle, mechanism, pub_template, pub_count, priv_template, priv_count, pub_key, priv_key);
 }
 
 static CK_RV
-proxy_C_WrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
-                 CK_OBJECT_HANDLE wrapping_key, CK_OBJECT_HANDLE key,
-                 CK_BYTE_PTR wrapped_key, CK_ULONG_PTR wrapped_key_len)
+proxy_C_WrapKey (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE handle,
+                 CK_MECHANISM_PTR mechanism,
+                 CK_OBJECT_HANDLE wrapping_key,
+                 CK_OBJECT_HANDLE key,
+                 CK_BYTE_PTR wrapped_key,
+                 CK_ULONG_PTR wrapped_key_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_WrapKey) (handle, mechanism, wrapping_key, key, wrapped_key, wrapped_key_len);
 }
 
 static CK_RV
-proxy_C_UnwrapKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
-                   CK_OBJECT_HANDLE unwrapping_key, CK_BYTE_PTR wrapped_key,
-                   CK_ULONG wrapped_key_len, CK_ATTRIBUTE_PTR template,
-                   CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
+proxy_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE handle,
+                   CK_MECHANISM_PTR mechanism,
+                   CK_OBJECT_HANDLE unwrapping_key,
+                   CK_BYTE_PTR wrapped_key,
+                   CK_ULONG wrapped_key_len,
+                   CK_ATTRIBUTE_PTR template,
+                   CK_ULONG count,
+                   CK_OBJECT_HANDLE_PTR key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_UnwrapKey) (handle, mechanism, unwrapping_key, wrapped_key, wrapped_key_len, template, count, key);
 }
 
 static CK_RV
-proxy_C_DeriveKey (CK_SESSION_HANDLE handle, CK_MECHANISM_PTR mechanism,
-                   CK_OBJECT_HANDLE base_key, CK_ATTRIBUTE_PTR template,
-                   CK_ULONG count, CK_OBJECT_HANDLE_PTR key)
+proxy_C_DeriveKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE handle,
+                   CK_MECHANISM_PTR mechanism,
+                   CK_OBJECT_HANDLE base_key,
+                   CK_ATTRIBUTE_PTR template,
+                   CK_ULONG count,
+                   CK_OBJECT_HANDLE_PTR key)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_DeriveKey) (handle, mechanism, base_key, template, count, key);
 }
 
 static CK_RV
-proxy_C_SeedRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR seed, CK_ULONG seed_len)
+proxy_C_SeedRandom (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE handle,
+                    CK_BYTE_PTR seed,
+                    CK_ULONG seed_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_SeedRandom) (handle, seed, seed_len);
 }
 
 static CK_RV
-proxy_C_GenerateRandom (CK_SESSION_HANDLE handle, CK_BYTE_PTR random_data,
-                          CK_ULONG random_len)
+proxy_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE handle,
+                        CK_BYTE_PTR random_data,
+                        CK_ULONG random_len)
 {
+	State *state = (State *)self;
 	Mapping map;
 	CK_RV rv;
 
-	rv = map_session_to_real (&handle, &map, NULL);
+	rv = map_session_to_real (state->px, &handle, &map, NULL);
 	if (rv != CKR_OK)
 		return rv;
 	return (map.funcs->C_GenerateRandom) (handle, random_data, random_len);
 }
 
 /* --------------------------------------------------------------------
+ * Global module functions
+ */
+
+static CK_FUNCTION_LIST module_functions;
+
+static CK_RV
+module_C_Initialize (CK_VOID_PTR init_args)
+{
+	return proxy_C_Initialize (&global.virt.funcs, init_args);
+}
+
+static CK_RV
+module_C_Finalize (CK_VOID_PTR reserved)
+{
+	return proxy_C_Finalize (&global.virt.funcs, reserved);
+}
+
+static CK_RV
+module_C_GetInfo (CK_INFO_PTR info)
+{
+	return proxy_C_GetInfo (&global.virt.funcs, info);
+}
+
+static CK_RV
+module_C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
+{
+	return_val_if_fail (list != NULL, CKR_ARGUMENTS_BAD);
+	*list = &module_functions;
+	return CKR_OK;
+}
+
+static CK_RV
+module_C_GetSlotList (CK_BBOOL token_present,
+                      CK_SLOT_ID_PTR slot_list,
+                      CK_ULONG_PTR count)
+{
+	return proxy_C_GetSlotList (&global.virt.funcs, token_present, slot_list, count);
+}
+
+static CK_RV
+module_C_GetSlotInfo (CK_SLOT_ID id,
+                      CK_SLOT_INFO_PTR info)
+{
+	return proxy_C_GetSlotInfo (&global.virt.funcs, id, info);
+}
+
+static CK_RV
+module_C_GetTokenInfo (CK_SLOT_ID id,
+                       CK_TOKEN_INFO_PTR info)
+{
+	return proxy_C_GetTokenInfo (&global.virt.funcs, id, info);
+}
+
+static CK_RV
+module_C_GetMechanismList (CK_SLOT_ID id,
+                           CK_MECHANISM_TYPE_PTR mechanism_list,
+                           CK_ULONG_PTR count)
+{
+	return proxy_C_GetMechanismList (&global.virt.funcs, id, mechanism_list, count);
+}
+
+static CK_RV
+module_C_GetMechanismInfo (CK_SLOT_ID id,
+                           CK_MECHANISM_TYPE type,
+                           CK_MECHANISM_INFO_PTR info)
+{
+	return proxy_C_GetMechanismInfo (&global.virt.funcs, id, type, info);
+}
+
+static CK_RV
+module_C_InitToken (CK_SLOT_ID id,
+                    CK_UTF8CHAR_PTR pin,
+                    CK_ULONG pin_len,
+                    CK_UTF8CHAR_PTR label)
+{
+	return proxy_C_InitToken (&global.virt.funcs, id, pin, pin_len, label);
+}
+
+static CK_RV
+module_C_WaitForSlotEvent (CK_FLAGS flags,
+                           CK_SLOT_ID_PTR slot,
+                           CK_VOID_PTR reserved)
+{
+	return proxy_C_WaitForSlotEvent (&global.virt.funcs, flags, slot, reserved);
+}
+
+static CK_RV
+module_C_OpenSession (CK_SLOT_ID id,
+                      CK_FLAGS flags,
+                      CK_VOID_PTR user_data,
+                      CK_NOTIFY callback,
+                      CK_SESSION_HANDLE_PTR handle)
+{
+	return proxy_C_OpenSession (&global.virt.funcs, id, flags, user_data, callback,
+	                            handle);
+}
+
+static CK_RV
+module_C_CloseSession (CK_SESSION_HANDLE handle)
+{
+	return proxy_C_CloseSession (&global.virt.funcs, handle);
+}
+
+static CK_RV
+module_C_CloseAllSessions (CK_SLOT_ID id)
+{
+	return proxy_C_CloseAllSessions (&global.virt.funcs, id);
+}
+
+static CK_RV
+module_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
+{
+	return proxy_C_GetFunctionStatus (&global.virt.funcs, handle);
+}
+
+static CK_RV
+module_C_CancelFunction (CK_SESSION_HANDLE handle)
+{
+	return proxy_C_CancelFunction (&global.virt.funcs, handle);
+}
+
+static CK_RV
+module_C_GetSessionInfo (CK_SESSION_HANDLE handle,
+                         CK_SESSION_INFO_PTR info)
+{
+	return proxy_C_GetSessionInfo (&global.virt.funcs, handle, info);
+}
+
+static CK_RV
+module_C_InitPIN (CK_SESSION_HANDLE handle,
+                  CK_UTF8CHAR_PTR pin,
+                  CK_ULONG pin_len)
+{
+	return proxy_C_InitPIN (&global.virt.funcs, handle, pin, pin_len);
+}
+
+static CK_RV
+module_C_SetPIN (CK_SESSION_HANDLE handle,
+                 CK_UTF8CHAR_PTR old_pin,
+                 CK_ULONG old_pin_len,
+                 CK_UTF8CHAR_PTR new_pin,
+                 CK_ULONG new_pin_len)
+{
+	return proxy_C_SetPIN (&global.virt.funcs, handle, old_pin, old_pin_len, new_pin,
+	                       new_pin_len);
+}
+
+static CK_RV
+module_C_GetOperationState (CK_SESSION_HANDLE handle,
+                            CK_BYTE_PTR operation_state,
+                            CK_ULONG_PTR operation_state_len)
+{
+	return proxy_C_GetOperationState (&global.virt.funcs, handle, operation_state,
+	                                  operation_state_len);
+}
+
+static CK_RV
+module_C_SetOperationState (CK_SESSION_HANDLE handle,
+                            CK_BYTE_PTR operation_state,
+                            CK_ULONG operation_state_len,
+                            CK_OBJECT_HANDLE encryption_key,
+                            CK_OBJECT_HANDLE authentication_key)
+{
+	return proxy_C_SetOperationState (&global.virt.funcs, handle, operation_state,
+	                                  operation_state_len, encryption_key,
+	                                  authentication_key);
+}
+
+static CK_RV
+module_C_Login (CK_SESSION_HANDLE handle,
+                CK_USER_TYPE user_type,
+                CK_UTF8CHAR_PTR pin,
+                CK_ULONG pin_len)
+{
+	return proxy_C_Login (&global.virt.funcs, handle, user_type, pin, pin_len);
+}
+
+static CK_RV
+module_C_Logout (CK_SESSION_HANDLE handle)
+{
+	return proxy_C_Logout (&global.virt.funcs, handle);
+}
+
+static CK_RV
+module_C_CreateObject (CK_SESSION_HANDLE handle,
+                       CK_ATTRIBUTE_PTR template,
+                       CK_ULONG count,
+                       CK_OBJECT_HANDLE_PTR new_object)
+{
+	return proxy_C_CreateObject (&global.virt.funcs, handle, template, count,
+	                             new_object);
+}
+
+static CK_RV
+module_C_CopyObject (CK_SESSION_HANDLE handle,
+                     CK_OBJECT_HANDLE object,
+                     CK_ATTRIBUTE_PTR template,
+                     CK_ULONG count,
+                     CK_OBJECT_HANDLE_PTR new_object)
+{
+	return proxy_C_CopyObject (&global.virt.funcs, handle, object, template, count,
+	                           new_object);
+}
+
+static CK_RV
+module_C_DestroyObject (CK_SESSION_HANDLE handle,
+                        CK_OBJECT_HANDLE object)
+{
+	return proxy_C_DestroyObject (&global.virt.funcs, handle, object);
+}
+
+static CK_RV
+module_C_GetObjectSize (CK_SESSION_HANDLE handle,
+                        CK_OBJECT_HANDLE object,
+                        CK_ULONG_PTR size)
+{
+	return proxy_C_GetObjectSize (&global.virt.funcs, handle, object, size);
+}
+
+static CK_RV
+module_C_GetAttributeValue (CK_SESSION_HANDLE handle,
+                            CK_OBJECT_HANDLE object,
+                            CK_ATTRIBUTE_PTR template,
+                            CK_ULONG count)
+{
+	return proxy_C_GetAttributeValue (&global.virt.funcs, handle, object, template,
+	                                  count);
+}
+
+static CK_RV
+module_C_SetAttributeValue (CK_SESSION_HANDLE handle,
+                            CK_OBJECT_HANDLE object,
+                            CK_ATTRIBUTE_PTR template,
+                            CK_ULONG count)
+{
+	return proxy_C_SetAttributeValue (&global.virt.funcs, handle, object, template,
+	                                  count);
+}
+
+static CK_RV
+module_C_FindObjectsInit (CK_SESSION_HANDLE handle,
+                          CK_ATTRIBUTE_PTR template,
+                          CK_ULONG count)
+{
+	return proxy_C_FindObjectsInit (&global.virt.funcs, handle, template, count);
+}
+
+static CK_RV
+module_C_FindObjects (CK_SESSION_HANDLE handle,
+                      CK_OBJECT_HANDLE_PTR objects,
+                      CK_ULONG max_count,
+                      CK_ULONG_PTR count)
+{
+	return proxy_C_FindObjects (&global.virt.funcs, handle, objects, max_count, count);
+}
+
+static CK_RV
+module_C_FindObjectsFinal (CK_SESSION_HANDLE handle)
+{
+	return proxy_C_FindObjectsFinal (&global.virt.funcs, handle);
+}
+
+static CK_RV
+module_C_EncryptInit (CK_SESSION_HANDLE handle,
+                      CK_MECHANISM_PTR mechanism,
+                      CK_OBJECT_HANDLE key)
+{
+	return proxy_C_EncryptInit (&global.virt.funcs, handle, mechanism, key);
+}
+
+static CK_RV
+module_C_Encrypt (CK_SESSION_HANDLE handle,
+                  CK_BYTE_PTR data,
+                  CK_ULONG data_len,
+                  CK_BYTE_PTR encrypted_data,
+                  CK_ULONG_PTR encrypted_data_len)
+{
+	return proxy_C_Encrypt (&global.virt.funcs, handle, data, data_len,
+	                        encrypted_data, encrypted_data_len);
+}
+
+static CK_RV
+module_C_EncryptUpdate (CK_SESSION_HANDLE handle,
+                        CK_BYTE_PTR part,
+                        CK_ULONG part_len,
+                        CK_BYTE_PTR encrypted_part,
+                        CK_ULONG_PTR encrypted_part_len)
+{
+	return proxy_C_EncryptUpdate (&global.virt.funcs, handle, part, part_len,
+	                              encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+module_C_EncryptFinal (CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR last_part,
+                       CK_ULONG_PTR last_part_len)
+{
+	return proxy_C_EncryptFinal (&global.virt.funcs, handle, last_part, last_part_len);
+}
+
+static CK_RV
+module_C_DecryptInit (CK_SESSION_HANDLE handle,
+                      CK_MECHANISM_PTR mechanism,
+                      CK_OBJECT_HANDLE key)
+{
+	return proxy_C_DecryptInit (&global.virt.funcs, handle, mechanism, key);
+}
+
+static CK_RV
+module_C_Decrypt (CK_SESSION_HANDLE handle,
+                  CK_BYTE_PTR enc_data,
+                  CK_ULONG enc_data_len,
+                  CK_BYTE_PTR data,
+                  CK_ULONG_PTR data_len)
+{
+	return proxy_C_Decrypt (&global.virt.funcs, handle, enc_data, enc_data_len,
+	                        data, data_len);
+}
+
+static CK_RV
+module_C_DecryptUpdate (CK_SESSION_HANDLE handle,
+                        CK_BYTE_PTR enc_part,
+                        CK_ULONG enc_part_len,
+                        CK_BYTE_PTR part,
+                        CK_ULONG_PTR part_len)
+{
+	return proxy_C_DecryptUpdate (&global.virt.funcs, handle, enc_part, enc_part_len,
+	                              part, part_len);
+}
+
+static CK_RV
+module_C_DecryptFinal (CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR last_part,
+                       CK_ULONG_PTR last_part_len)
+{
+	return proxy_C_DecryptFinal (&global.virt.funcs, handle, last_part, last_part_len);
+}
+
+static CK_RV
+module_C_DigestInit (CK_SESSION_HANDLE handle,
+                     CK_MECHANISM_PTR mechanism)
+{
+	return proxy_C_DigestInit (&global.virt.funcs, handle, mechanism);
+}
+
+static CK_RV
+module_C_Digest (CK_SESSION_HANDLE handle,
+                 CK_BYTE_PTR data,
+                 CK_ULONG data_len,
+                 CK_BYTE_PTR digest,
+                 CK_ULONG_PTR digest_len)
+{
+	return proxy_C_Digest (&global.virt.funcs, handle, data, data_len, digest,
+	                       digest_len);
+}
+
+static CK_RV
+module_C_DigestUpdate (CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR part,
+                       CK_ULONG part_len)
+{
+	return proxy_C_DigestUpdate (&global.virt.funcs, handle, part, part_len);
+}
+
+static CK_RV
+module_C_DigestKey (CK_SESSION_HANDLE handle,
+                    CK_OBJECT_HANDLE key)
+{
+	return proxy_C_DigestKey (&global.virt.funcs, handle, key);
+}
+
+static CK_RV
+module_C_DigestFinal (CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR digest,
+                      CK_ULONG_PTR digest_len)
+{
+	return proxy_C_DigestFinal (&global.virt.funcs, handle, digest, digest_len);
+}
+
+static CK_RV
+module_C_SignInit (CK_SESSION_HANDLE handle,
+                   CK_MECHANISM_PTR mechanism,
+                   CK_OBJECT_HANDLE key)
+{
+	return proxy_C_SignInit (&global.virt.funcs, handle, mechanism, key);
+}
+
+static CK_RV
+module_C_Sign (CK_SESSION_HANDLE handle,
+               CK_BYTE_PTR data,
+               CK_ULONG data_len,
+               CK_BYTE_PTR signature,
+               CK_ULONG_PTR signature_len)
+{
+	return proxy_C_Sign (&global.virt.funcs, handle, data, data_len, signature,
+	                     signature_len);
+}
+
+static CK_RV
+module_C_SignUpdate (CK_SESSION_HANDLE handle,
+                     CK_BYTE_PTR part,
+                     CK_ULONG part_len)
+{
+	return proxy_C_SignUpdate (&global.virt.funcs, handle, part, part_len);
+}
+
+static CK_RV
+module_C_SignFinal (CK_SESSION_HANDLE handle,
+                    CK_BYTE_PTR signature,
+                    CK_ULONG_PTR signature_len)
+{
+	return proxy_C_SignFinal (&global.virt.funcs, handle, signature, signature_len);
+}
+
+static CK_RV
+module_C_SignRecoverInit (CK_SESSION_HANDLE handle,
+                          CK_MECHANISM_PTR mechanism,
+                          CK_OBJECT_HANDLE key)
+{
+	return proxy_C_SignRecoverInit (&global.virt.funcs, handle, mechanism, key);
+}
+
+static CK_RV
+module_C_SignRecover (CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR data,
+                      CK_ULONG data_len,
+                      CK_BYTE_PTR signature,
+                      CK_ULONG_PTR signature_len)
+{
+	return proxy_C_SignRecover (&global.virt.funcs, handle, data, data_len,
+	                            signature, signature_len);
+}
+
+static CK_RV
+module_C_VerifyInit (CK_SESSION_HANDLE handle,
+                     CK_MECHANISM_PTR mechanism,
+                     CK_OBJECT_HANDLE key)
+{
+	return proxy_C_VerifyInit (&global.virt.funcs, handle, mechanism, key);
+}
+
+static CK_RV
+module_C_Verify (CK_SESSION_HANDLE handle,
+                 CK_BYTE_PTR data,
+                 CK_ULONG data_len,
+                 CK_BYTE_PTR signature,
+                 CK_ULONG signature_len)
+{
+	return proxy_C_Verify (&global.virt.funcs, handle, data, data_len, signature,
+	                       signature_len);
+}
+
+static CK_RV
+module_C_VerifyUpdate (CK_SESSION_HANDLE handle,
+                       CK_BYTE_PTR part,
+                       CK_ULONG part_len)
+{
+	return proxy_C_VerifyUpdate (&global.virt.funcs, handle, part, part_len);
+}
+
+static CK_RV
+module_C_VerifyFinal (CK_SESSION_HANDLE handle,
+                      CK_BYTE_PTR signature,
+                      CK_ULONG signature_len)
+{
+	return proxy_C_VerifyFinal (&global.virt.funcs, handle, signature, signature_len);
+}
+
+static CK_RV
+module_C_VerifyRecoverInit (CK_SESSION_HANDLE handle,
+                            CK_MECHANISM_PTR mechanism,
+                            CK_OBJECT_HANDLE key)
+{
+	return proxy_C_VerifyRecoverInit (&global.virt.funcs, handle, mechanism, key);
+}
+
+static CK_RV
+module_C_VerifyRecover (CK_SESSION_HANDLE handle,
+                        CK_BYTE_PTR signature,
+                        CK_ULONG signature_len,
+                        CK_BYTE_PTR data,
+                        CK_ULONG_PTR data_len)
+{
+	return proxy_C_VerifyRecover (&global.virt.funcs, handle, signature, signature_len,
+	                              data, data_len);
+}
+
+static CK_RV
+module_C_DigestEncryptUpdate (CK_SESSION_HANDLE handle,
+                              CK_BYTE_PTR part,
+                              CK_ULONG part_len,
+                              CK_BYTE_PTR enc_part,
+                              CK_ULONG_PTR enc_part_len)
+{
+	return proxy_C_DigestEncryptUpdate (&global.virt.funcs, handle, part, part_len,
+	                                    enc_part, enc_part_len);
+}
+
+static CK_RV
+module_C_DecryptDigestUpdate (CK_SESSION_HANDLE handle,
+                              CK_BYTE_PTR enc_part,
+                              CK_ULONG enc_part_len,
+                              CK_BYTE_PTR part,
+                              CK_ULONG_PTR part_len)
+{
+	return proxy_C_DecryptDigestUpdate (&global.virt.funcs, handle, enc_part,
+	                                    enc_part_len, part, part_len);
+}
+
+static CK_RV
+module_C_SignEncryptUpdate (CK_SESSION_HANDLE handle,
+                            CK_BYTE_PTR part,
+                            CK_ULONG part_len,
+                            CK_BYTE_PTR enc_part,
+                            CK_ULONG_PTR enc_part_len)
+{
+	return proxy_C_SignEncryptUpdate (&global.virt.funcs, handle, part, part_len,
+	                                  enc_part, enc_part_len);
+}
+
+static CK_RV
+module_C_DecryptVerifyUpdate (CK_SESSION_HANDLE handle,
+                              CK_BYTE_PTR enc_part,
+                              CK_ULONG enc_part_len,
+                              CK_BYTE_PTR part,
+                              CK_ULONG_PTR part_len)
+{
+	return proxy_C_DecryptVerifyUpdate (&global.virt.funcs, handle, enc_part,
+	                                    enc_part_len, part, part_len);
+}
+
+static CK_RV
+module_C_GenerateKey (CK_SESSION_HANDLE handle,
+                      CK_MECHANISM_PTR mechanism,
+                      CK_ATTRIBUTE_PTR template,
+                      CK_ULONG count,
+                      CK_OBJECT_HANDLE_PTR key)
+{
+	return proxy_C_GenerateKey (&global.virt.funcs, handle, mechanism, template, count,
+	                            key);
+}
+
+static CK_RV
+module_C_GenerateKeyPair (CK_SESSION_HANDLE handle,
+                          CK_MECHANISM_PTR mechanism,
+                          CK_ATTRIBUTE_PTR pub_template,
+                          CK_ULONG pub_count,
+                          CK_ATTRIBUTE_PTR priv_template,
+                          CK_ULONG priv_count,
+                          CK_OBJECT_HANDLE_PTR pub_key,
+                          CK_OBJECT_HANDLE_PTR priv_key)
+{
+	return proxy_C_GenerateKeyPair (&global.virt.funcs, handle, mechanism, pub_template,
+	                                pub_count, priv_template, priv_count,
+	                                pub_key, priv_key);
+}
+
+static CK_RV
+module_C_WrapKey (CK_SESSION_HANDLE handle,
+                  CK_MECHANISM_PTR mechanism,
+                  CK_OBJECT_HANDLE wrapping_key,
+                  CK_OBJECT_HANDLE key,
+                  CK_BYTE_PTR wrapped_key,
+                  CK_ULONG_PTR wrapped_key_len)
+{
+	return proxy_C_WrapKey (&global.virt.funcs, handle, mechanism, wrapping_key,
+	                        key, wrapped_key, wrapped_key_len);
+}
+
+static CK_RV
+module_C_UnwrapKey (CK_SESSION_HANDLE handle,
+                    CK_MECHANISM_PTR mechanism,
+                    CK_OBJECT_HANDLE unwrapping_key,
+                    CK_BYTE_PTR wrapped_key,
+                    CK_ULONG wrapped_key_len,
+                    CK_ATTRIBUTE_PTR template,
+                    CK_ULONG count,
+                    CK_OBJECT_HANDLE_PTR key)
+{
+	return proxy_C_UnwrapKey (&global.virt.funcs, handle, mechanism, unwrapping_key,
+	                          wrapped_key, wrapped_key_len, template,
+	                          count, key);
+}
+
+static CK_RV
+module_C_DeriveKey (CK_SESSION_HANDLE handle,
+                    CK_MECHANISM_PTR mechanism,
+                    CK_OBJECT_HANDLE base_key,
+                    CK_ATTRIBUTE_PTR template,
+                    CK_ULONG count,
+                    CK_OBJECT_HANDLE_PTR key)
+{
+	return proxy_C_DeriveKey (&global.virt.funcs, handle, mechanism, base_key,
+	                          template, count, key);
+}
+
+static CK_RV
+module_C_SeedRandom (CK_SESSION_HANDLE handle,
+                     CK_BYTE_PTR seed,
+                     CK_ULONG seed_len)
+{
+	return proxy_C_SeedRandom (&global.virt.funcs, handle, seed, seed_len);
+}
+
+static CK_RV
+module_C_GenerateRandom (CK_SESSION_HANDLE handle,
+                         CK_BYTE_PTR random_data,
+                         CK_ULONG random_len)
+{
+	return proxy_C_GenerateRandom (&global.virt.funcs, handle, random_data, random_len);
+}
+
+/* --------------------------------------------------------------------
  * MODULE ENTRY POINT
  */
 
-CK_FUNCTION_LIST _p11_proxy_function_list = {
-	{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },  /* version */
+static CK_FUNCTION_LIST module_functions = {
+	{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
+	module_C_Initialize,
+	module_C_Finalize,
+	module_C_GetInfo,
+	module_C_GetFunctionList,
+	module_C_GetSlotList,
+	module_C_GetSlotInfo,
+	module_C_GetTokenInfo,
+	module_C_GetMechanismList,
+	module_C_GetMechanismInfo,
+	module_C_InitToken,
+	module_C_InitPIN,
+	module_C_SetPIN,
+	module_C_OpenSession,
+	module_C_CloseSession,
+	module_C_CloseAllSessions,
+	module_C_GetSessionInfo,
+	module_C_GetOperationState,
+	module_C_SetOperationState,
+	module_C_Login,
+	module_C_Logout,
+	module_C_CreateObject,
+	module_C_CopyObject,
+	module_C_DestroyObject,
+	module_C_GetObjectSize,
+	module_C_GetAttributeValue,
+	module_C_SetAttributeValue,
+	module_C_FindObjectsInit,
+	module_C_FindObjects,
+	module_C_FindObjectsFinal,
+	module_C_EncryptInit,
+	module_C_Encrypt,
+	module_C_EncryptUpdate,
+	module_C_EncryptFinal,
+	module_C_DecryptInit,
+	module_C_Decrypt,
+	module_C_DecryptUpdate,
+	module_C_DecryptFinal,
+	module_C_DigestInit,
+	module_C_Digest,
+	module_C_DigestUpdate,
+	module_C_DigestKey,
+	module_C_DigestFinal,
+	module_C_SignInit,
+	module_C_Sign,
+	module_C_SignUpdate,
+	module_C_SignFinal,
+	module_C_SignRecoverInit,
+	module_C_SignRecover,
+	module_C_VerifyInit,
+	module_C_Verify,
+	module_C_VerifyUpdate,
+	module_C_VerifyFinal,
+	module_C_VerifyRecoverInit,
+	module_C_VerifyRecover,
+	module_C_DigestEncryptUpdate,
+	module_C_DecryptDigestUpdate,
+	module_C_SignEncryptUpdate,
+	module_C_DecryptVerifyUpdate,
+	module_C_GenerateKey,
+	module_C_GenerateKeyPair,
+	module_C_WrapKey,
+	module_C_UnwrapKey,
+	module_C_DeriveKey,
+	module_C_SeedRandom,
+	module_C_GenerateRandom,
+	module_C_GetFunctionStatus,
+	module_C_CancelFunction,
+	module_C_WaitForSlotEvent
+};
+
+static CK_X_FUNCTION_LIST proxy_functions = {
+	{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR  },
 	proxy_C_Initialize,
 	proxy_C_Finalize,
 	proxy_C_GetInfo,
-	proxy_C_GetFunctionList,
 	proxy_C_GetSlotList,
 	proxy_C_GetSlotInfo,
 	proxy_C_GetTokenInfo,
@@ -1379,18 +2356,73 @@ CK_FUNCTION_LIST _p11_proxy_function_list = {
 	proxy_C_DeriveKey,
 	proxy_C_SeedRandom,
 	proxy_C_GenerateRandom,
-	proxy_C_GetFunctionStatus,
-	proxy_C_CancelFunction,
-	proxy_C_WaitForSlotEvent
+	proxy_C_WaitForSlotEvent,
 };
 
 #ifdef OS_WIN32
 __declspec(dllexport)
 #endif
-
 CK_RV
 C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list)
 {
+	CK_FUNCTION_LIST_PTR module = NULL;
+	State *state;
+	CK_RV rv = CKR_OK;
+
 	p11_library_init_once ();
-	return proxy_C_GetFunctionList (list);
+	p11_lock ();
+
+	if (p11_virtual_can_wrap ()) {
+		state = calloc (1, sizeof (State));
+		if (!state) {
+			rv = CKR_HOST_MEMORY;
+
+		} else {
+			p11_virtual_init (&state->virt, &proxy_functions, state, NULL);
+			state->last_handle = FIRST_HANDLE;
+
+			module = p11_virtual_wrap (&state->virt, free);
+			if (module == NULL) {
+				rv = CKR_GENERAL_ERROR;
+
+			} else {
+				state->wrapped = module;
+				state->next = all_instances;
+				all_instances = state;
+			}
+		}
+	}
+
+	if (rv == CKR_OK) {
+		if (module == NULL)
+			module = &module_functions;
+
+		/* We use this as a check below */
+		module->C_WaitForSlotEvent = module_C_WaitForSlotEvent;
+		*list = module;
+	}
+
+	p11_unlock ();
+
+	return rv;
+}
+
+void
+p11_proxy_module_cleanup (void)
+{
+	State *state, *next;
+
+	state = all_instances;
+	all_instances = NULL;
+
+	for (; state != NULL; state = next) {
+		next = state->next;
+		p11_virtual_unwrap (state->wrapped);
+	}
+}
+
+bool
+p11_proxy_module_check (CK_FUNCTION_LIST_PTR module)
+{
+	return (module->C_WaitForSlotEvent == module_C_WaitForSlotEvent);
 }
diff --git a/p11-kit/proxy.h b/p11-kit/proxy.h
new file mode 100644
index 0000000..df05be0
--- /dev/null
+++ b/p11-kit/proxy.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#ifndef __P11_PROXY_H__
+#define __P11_PROXY_H__
+
+void       p11_proxy_after_fork                      (void);
+
+bool       p11_proxy_module_check                    (CK_FUNCTION_LIST_PTR module);
+
+void       p11_proxy_module_cleanup                  (void);
+
+
+#endif /* __P11_PROXY_H__ */
diff --git a/p11-kit/tests/Makefile.am b/p11-kit/tests/Makefile.am
index c7b87ae..6963850 100644
--- a/p11-kit/tests/Makefile.am
+++ b/p11-kit/tests/Makefile.am
@@ -3,29 +3,41 @@ include $(top_srcdir)/build/Makefile.tests
 
 COMMON = $(top_srcdir)/common
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(srcdir)/.. \
 	-I$(COMMON) \
-	$(CUTEST_CFLAGS)
+	$(TEST_CFLAGS)
 
 LDADD = \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(CUTEST_LIBS) \
 	$(LTLIBINTL)
 
 CHECK_PROGS = \
-	progname-test \
-	conf-test \
-	uri-test \
-	pin-test \
+	test-progname \
+	test-conf \
+	test-uri \
+	test-pin \
 	test-init \
 	test-modules \
+	test-deprecated \
+	test-proxy \
 	test-iter \
 	$(NULL)
 
+if WITH_FFI
+
+CHECK_PROGS += \
+	test-virtual \
+	test-managed \
+	test-log \
+	$(NULL)
+
+endif
+
 noinst_PROGRAMS = \
 	print-messages \
 	$(CHECK_PROGS)
@@ -45,7 +57,7 @@ mock_one_la_CFLAGS = \
 	$(AM_CFLAGS)
 
 mock_one_la_LIBADD = \
-	$(top_builddir)/common/libp11-mock.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(NULL)
 
@@ -68,4 +80,6 @@ mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS)
 mock_four_la_LIBADD = $(mock_one_la_LIBADD)
 
 EXTRA_DIST = \
-	files
+	files \
+	test-mock.c \
+	$(NULL)
diff --git a/p11-kit/tests/Makefile.in b/p11-kit/tests/Makefile.in
index 5ffba9a..e523642 100644
--- a/p11-kit/tests/Makefile.in
+++ b/p11-kit/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.13.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -16,51 +16,23 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
+am__make_dryrun = \
+  { \
+    am__dry=no; \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
     esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+    test $$am__dry = yes; \
+  }
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -82,8 +54,14 @@ host_triplet = @host@
 DIST_COMMON = $(top_srcdir)/build/Makefile.tests $(srcdir)/Makefile.in \
 	$(srcdir)/Makefile.am $(top_srcdir)/depcomp \
 	$(top_srcdir)/test-driver
-noinst_PROGRAMS = print-messages$(EXEEXT) $(am__EXEEXT_2)
-TESTS = $(am__EXEEXT_2)
+@WITH_FFI_TRUE@am__append_1 = \
+@WITH_FFI_TRUE@	test-virtual \
+@WITH_FFI_TRUE@	test-managed \
+@WITH_FFI_TRUE@	test-log \
+@WITH_FFI_TRUE@	$(NULL)
+
+noinst_PROGRAMS = print-messages$(EXEEXT) $(am__EXEEXT_3)
+TESTS = $(am__EXEEXT_3)
 subdir = p11-kit/tests
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \
@@ -106,7 +84,7 @@ CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 LTLIBRARIES = $(noinst_LTLIBRARIES)
 am__DEPENDENCIES_1 =
-am__DEPENDENCIES_2 = $(top_builddir)/common/libp11-mock.la \
+am__DEPENDENCIES_2 = $(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
 mock_four_la_DEPENDENCIES = $(am__DEPENDENCIES_2)
 am__objects_1 = mock-module-ep.lo
@@ -119,7 +97,7 @@ am__v_lt_1 =
 mock_four_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
 	$(mock_four_la_LDFLAGS) $(LDFLAGS) -o $@
-mock_one_la_DEPENDENCIES = $(top_builddir)/common/libp11-mock.la \
+mock_one_la_DEPENDENCIES = $(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
 am_mock_one_la_OBJECTS = mock_one_la-mock-module-ep.lo
 mock_one_la_OBJECTS = $(am_mock_one_la_OBJECTS)
@@ -141,74 +119,106 @@ mock_two_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(mock_two_la_CFLAGS) \
 	$(CFLAGS) $(mock_two_la_LDFLAGS) $(LDFLAGS) -o $@
 am__EXEEXT_1 =
-am__EXEEXT_2 = progname-test$(EXEEXT) conf-test$(EXEEXT) \
-	uri-test$(EXEEXT) pin-test$(EXEEXT) test-init$(EXEEXT) \
-	test-modules$(EXEEXT) test-iter$(EXEEXT) $(am__EXEEXT_1)
+@WITH_FFI_TRUE@am__EXEEXT_2 = test-virtual$(EXEEXT) \
+@WITH_FFI_TRUE@	test-managed$(EXEEXT) test-log$(EXEEXT) \
+@WITH_FFI_TRUE@	$(am__EXEEXT_1)
+am__EXEEXT_3 = test-progname$(EXEEXT) test-conf$(EXEEXT) \
+	test-uri$(EXEEXT) test-pin$(EXEEXT) test-init$(EXEEXT) \
+	test-modules$(EXEEXT) test-deprecated$(EXEEXT) \
+	test-proxy$(EXEEXT) test-iter$(EXEEXT) $(am__EXEEXT_1) \
+	$(am__EXEEXT_2)
 PROGRAMS = $(noinst_PROGRAMS)
-conf_test_SOURCES = conf-test.c
-conf_test_OBJECTS = conf-test.$(OBJEXT)
-conf_test_LDADD = $(LDADD)
-conf_test_DEPENDENCIES =  \
-	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
-pin_test_SOURCES = pin-test.c
-pin_test_OBJECTS = pin-test.$(OBJEXT)
-pin_test_LDADD = $(LDADD)
-pin_test_DEPENDENCIES =  \
-	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
 print_messages_SOURCES = print-messages.c
 print_messages_OBJECTS = print-messages.$(OBJEXT)
 print_messages_LDADD = $(LDADD)
 print_messages_DEPENDENCIES =  \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
-progname_test_SOURCES = progname-test.c
-progname_test_OBJECTS = progname-test.$(OBJEXT)
-progname_test_LDADD = $(LDADD)
-progname_test_DEPENDENCIES =  \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_conf_SOURCES = test-conf.c
+test_conf_OBJECTS = test-conf.$(OBJEXT)
+test_conf_LDADD = $(LDADD)
+test_conf_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_deprecated_SOURCES = test-deprecated.c
+test_deprecated_OBJECTS = test-deprecated.$(OBJEXT)
+test_deprecated_LDADD = $(LDADD)
+test_deprecated_DEPENDENCIES =  \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
 test_init_SOURCES = test-init.c
 test_init_OBJECTS = test-init.$(OBJEXT)
 test_init_LDADD = $(LDADD)
 test_init_DEPENDENCIES =  \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
 test_iter_SOURCES = test-iter.c
 test_iter_OBJECTS = test-iter.$(OBJEXT)
 test_iter_LDADD = $(LDADD)
 test_iter_DEPENDENCIES =  \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_log_SOURCES = test-log.c
+test_log_OBJECTS = test-log.$(OBJEXT)
+test_log_LDADD = $(LDADD)
+test_log_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_managed_SOURCES = test-managed.c
+test_managed_OBJECTS = test-managed.$(OBJEXT)
+test_managed_LDADD = $(LDADD)
+test_managed_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
 test_modules_SOURCES = test-modules.c
 test_modules_OBJECTS = test-modules.$(OBJEXT)
 test_modules_LDADD = $(LDADD)
 test_modules_DEPENDENCIES =  \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
-uri_test_SOURCES = uri-test.c
-uri_test_OBJECTS = uri-test.$(OBJEXT)
-uri_test_LDADD = $(LDADD)
-uri_test_DEPENDENCIES =  \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_pin_SOURCES = test-pin.c
+test_pin_OBJECTS = test-pin.$(OBJEXT)
+test_pin_LDADD = $(LDADD)
+test_pin_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_progname_SOURCES = test-progname.c
+test_progname_OBJECTS = test-progname.$(OBJEXT)
+test_progname_LDADD = $(LDADD)
+test_progname_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_proxy_SOURCES = test-proxy.c
+test_proxy_OBJECTS = test-proxy.$(OBJEXT)
+test_proxy_LDADD = $(LDADD)
+test_proxy_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_uri_SOURCES = test-uri.c
+test_uri_OBJECTS = test-uri.$(OBJEXT)
+test_uri_LDADD = $(LDADD)
+test_uri_DEPENDENCIES =  \
+	$(top_builddir)/p11-kit/libp11-kit-testable.la \
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
+test_virtual_SOURCES = test-virtual.c
+test_virtual_OBJECTS = test-virtual.$(OBJEXT)
+test_virtual_LDADD = $(LDADD)
+test_virtual_DEPENDENCIES =  \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
-	$(top_builddir)/common/libp11-common.la $(CUTEST_LIBS) \
-	$(am__DEPENDENCIES_1)
+	$(top_builddir)/common/libp11-test.la \
+	$(top_builddir)/common/libp11-common.la $(am__DEPENDENCIES_1)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -244,13 +254,17 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
 SOURCES = $(mock_four_la_SOURCES) $(mock_one_la_SOURCES) \
-	$(mock_three_la_SOURCES) $(mock_two_la_SOURCES) conf-test.c \
-	pin-test.c print-messages.c progname-test.c test-init.c \
-	test-iter.c test-modules.c uri-test.c
+	$(mock_three_la_SOURCES) $(mock_two_la_SOURCES) \
+	print-messages.c test-conf.c test-deprecated.c test-init.c \
+	test-iter.c test-log.c test-managed.c test-modules.c \
+	test-pin.c test-progname.c test-proxy.c test-uri.c \
+	test-virtual.c
 DIST_SOURCES = $(mock_four_la_SOURCES) $(mock_one_la_SOURCES) \
-	$(mock_three_la_SOURCES) $(mock_two_la_SOURCES) conf-test.c \
-	pin-test.c print-messages.c progname-test.c test-init.c \
-	test-iter.c test-modules.c uri-test.c
+	$(mock_three_la_SOURCES) $(mock_two_la_SOURCES) \
+	print-messages.c test-conf.c test-deprecated.c test-init.c \
+	test-iter.c test-log.c test-managed.c test-modules.c \
+	test-pin.c test-progname.c test-proxy.c test-uri.c \
+	test-virtual.c
 am__can_run_installinfo = \
   case $$AM_UPDATE_INFO_DIR in \
     n|no|NO) false;; \
@@ -526,6 +540,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
+LIBFFI_CFLAGS = @LIBFFI_CFLAGS@
+LIBFFI_LIBS = @LIBFFI_LIBS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -639,39 +655,31 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 with_trust_paths = @with_trust_paths@
 NULL = 
-CUTEST_CFLAGS = \
-	-I$(top_srcdir)/build/cutest \
+TEST_CFLAGS = \
 	-DSRCDIR=\"$(abs_srcdir)\" \
 	-DBUILDDIR=\"$(abs_builddir)\" \
 	-DP11_KIT_FUTURE_UNSTABLE_API
 
-CUTEST_LIBS = $(top_builddir)/build/libcutest.la
 MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet --trace-children=yes
 LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes
+HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind
 COMMON = $(top_srcdir)/common
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(srcdir)/.. \
 	-I$(COMMON) \
-	$(CUTEST_CFLAGS)
+	$(TEST_CFLAGS)
 
 LDADD = \
 	$(top_builddir)/p11-kit/libp11-kit-testable.la \
-	$(top_builddir)/common/libp11-mock.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(CUTEST_LIBS) \
 	$(LTLIBINTL)
 
-CHECK_PROGS = \
-	progname-test \
-	conf-test \
-	uri-test \
-	pin-test \
-	test-init \
-	test-modules \
-	test-iter \
-	$(NULL)
-
+CHECK_PROGS = test-progname test-conf test-uri test-pin test-init \
+	test-modules test-deprecated test-proxy test-iter $(NULL) \
+	$(am__append_1)
 noinst_LTLIBRARIES = \
 	mock-one.la \
 	mock-two.la \
@@ -685,7 +693,7 @@ mock_one_la_CFLAGS = \
 	$(AM_CFLAGS)
 
 mock_one_la_LIBADD = \
-	$(top_builddir)/common/libp11-mock.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(NULL)
 
@@ -705,7 +713,9 @@ mock_four_la_SOURCES = $(mock_one_la_SOURCES)
 mock_four_la_LDFLAGS = $(mock_one_la_LDFLAGS)
 mock_four_la_LIBADD = $(mock_one_la_LIBADD)
 EXTRA_DIST = \
-	files
+	files \
+	test-mock.c \
+	$(NULL)
 
 all: all-am
 
@@ -753,16 +763,12 @@ clean-noinstLTLIBRARIES:
 	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
-
 mock-four.la: $(mock_four_la_OBJECTS) $(mock_four_la_DEPENDENCIES) $(EXTRA_mock_four_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(mock_four_la_LINK)  $(mock_four_la_OBJECTS) $(mock_four_la_LIBADD) $(LIBS)
-
 mock-one.la: $(mock_one_la_OBJECTS) $(mock_one_la_DEPENDENCIES) $(EXTRA_mock_one_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(mock_one_la_LINK)  $(mock_one_la_OBJECTS) $(mock_one_la_LIBADD) $(LIBS)
-
 mock-three.la: $(mock_three_la_OBJECTS) $(mock_three_la_DEPENDENCIES) $(EXTRA_mock_three_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(mock_three_la_LINK)  $(mock_three_la_OBJECTS) $(mock_three_la_LIBADD) $(LIBS)
-
 mock-two.la: $(mock_two_la_OBJECTS) $(mock_two_la_DEPENDENCIES) $(EXTRA_mock_two_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(mock_two_la_LINK)  $(mock_two_la_OBJECTS) $(mock_two_la_LIBADD) $(LIBS)
 
@@ -774,38 +780,45 @@ clean-noinstPROGRAMS:
 	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
 	echo " rm -f" $$list; \
 	rm -f $$list
-
-conf-test$(EXEEXT): $(conf_test_OBJECTS) $(conf_test_DEPENDENCIES) $(EXTRA_conf_test_DEPENDENCIES) 
-	@rm -f conf-test$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(conf_test_OBJECTS) $(conf_test_LDADD) $(LIBS)
-
-pin-test$(EXEEXT): $(pin_test_OBJECTS) $(pin_test_DEPENDENCIES) $(EXTRA_pin_test_DEPENDENCIES) 
-	@rm -f pin-test$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(pin_test_OBJECTS) $(pin_test_LDADD) $(LIBS)
-
 print-messages$(EXEEXT): $(print_messages_OBJECTS) $(print_messages_DEPENDENCIES) $(EXTRA_print_messages_DEPENDENCIES) 
 	@rm -f print-messages$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(print_messages_OBJECTS) $(print_messages_LDADD) $(LIBS)
-
-progname-test$(EXEEXT): $(progname_test_OBJECTS) $(progname_test_DEPENDENCIES) $(EXTRA_progname_test_DEPENDENCIES) 
-	@rm -f progname-test$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(progname_test_OBJECTS) $(progname_test_LDADD) $(LIBS)
-
+test-conf$(EXEEXT): $(test_conf_OBJECTS) $(test_conf_DEPENDENCIES) $(EXTRA_test_conf_DEPENDENCIES) 
+	@rm -f test-conf$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_conf_OBJECTS) $(test_conf_LDADD) $(LIBS)
+test-deprecated$(EXEEXT): $(test_deprecated_OBJECTS) $(test_deprecated_DEPENDENCIES) $(EXTRA_test_deprecated_DEPENDENCIES) 
+	@rm -f test-deprecated$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_deprecated_OBJECTS) $(test_deprecated_LDADD) $(LIBS)
 test-init$(EXEEXT): $(test_init_OBJECTS) $(test_init_DEPENDENCIES) $(EXTRA_test_init_DEPENDENCIES) 
 	@rm -f test-init$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_init_OBJECTS) $(test_init_LDADD) $(LIBS)
-
 test-iter$(EXEEXT): $(test_iter_OBJECTS) $(test_iter_DEPENDENCIES) $(EXTRA_test_iter_DEPENDENCIES) 
 	@rm -f test-iter$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_iter_OBJECTS) $(test_iter_LDADD) $(LIBS)
-
+test-log$(EXEEXT): $(test_log_OBJECTS) $(test_log_DEPENDENCIES) $(EXTRA_test_log_DEPENDENCIES) 
+	@rm -f test-log$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_log_OBJECTS) $(test_log_LDADD) $(LIBS)
+test-managed$(EXEEXT): $(test_managed_OBJECTS) $(test_managed_DEPENDENCIES) $(EXTRA_test_managed_DEPENDENCIES) 
+	@rm -f test-managed$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_managed_OBJECTS) $(test_managed_LDADD) $(LIBS)
 test-modules$(EXEEXT): $(test_modules_OBJECTS) $(test_modules_DEPENDENCIES) $(EXTRA_test_modules_DEPENDENCIES) 
 	@rm -f test-modules$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_modules_OBJECTS) $(test_modules_LDADD) $(LIBS)
-
-uri-test$(EXEEXT): $(uri_test_OBJECTS) $(uri_test_DEPENDENCIES) $(EXTRA_uri_test_DEPENDENCIES) 
-	@rm -f uri-test$(EXEEXT)
-	$(AM_V_CCLD)$(LINK) $(uri_test_OBJECTS) $(uri_test_LDADD) $(LIBS)
+test-pin$(EXEEXT): $(test_pin_OBJECTS) $(test_pin_DEPENDENCIES) $(EXTRA_test_pin_DEPENDENCIES) 
+	@rm -f test-pin$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_pin_OBJECTS) $(test_pin_LDADD) $(LIBS)
+test-progname$(EXEEXT): $(test_progname_OBJECTS) $(test_progname_DEPENDENCIES) $(EXTRA_test_progname_DEPENDENCIES) 
+	@rm -f test-progname$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_progname_OBJECTS) $(test_progname_LDADD) $(LIBS)
+test-proxy$(EXEEXT): $(test_proxy_OBJECTS) $(test_proxy_DEPENDENCIES) $(EXTRA_test_proxy_DEPENDENCIES) 
+	@rm -f test-proxy$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_proxy_OBJECTS) $(test_proxy_LDADD) $(LIBS)
+test-uri$(EXEEXT): $(test_uri_OBJECTS) $(test_uri_DEPENDENCIES) $(EXTRA_test_uri_DEPENDENCIES) 
+	@rm -f test-uri$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_uri_OBJECTS) $(test_uri_LDADD) $(LIBS)
+test-virtual$(EXEEXT): $(test_virtual_OBJECTS) $(test_virtual_DEPENDENCIES) $(EXTRA_test_virtual_DEPENDENCIES) 
+	@rm -f test-virtual$(EXEEXT)
+	$(AM_V_CCLD)$(LINK) $(test_virtual_OBJECTS) $(test_virtual_LDADD) $(LIBS)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -813,18 +826,23 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conf-test.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock-module-ep.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock_one_la-mock-module-ep.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock_three_la-mock-module-ep.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mock_two_la-mock-module-ep.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pin-test.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/print-messages.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/progname-test.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-conf.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-deprecated.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-init.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-iter.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-log.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-managed.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-modules.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uri-test.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-pin.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-progname.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-proxy.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-uri.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-virtual.Po@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -935,7 +953,7 @@ distclean-tags:
 	$(MAKE) $(AM_MAKEFLAGS) $<
 
 # Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
+# exand to empty, as could happen e.g. with make check TESTS=''.
 am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
 am--force-recheck:
 	@:
@@ -1067,30 +1085,30 @@ recheck: all
 	        am__force_recheck=am--force-recheck \
 	        TEST_LOGS="$$log_list"; \
 	exit $$?
-progname-test.log: progname-test$(EXEEXT)
-	@p='progname-test$(EXEEXT)'; \
-	b='progname-test'; \
+test-progname.log: test-progname$(EXEEXT)
+	@p='test-progname$(EXEEXT)'; \
+	b='test-progname'; \
 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
-conf-test.log: conf-test$(EXEEXT)
-	@p='conf-test$(EXEEXT)'; \
-	b='conf-test'; \
+test-conf.log: test-conf$(EXEEXT)
+	@p='test-conf$(EXEEXT)'; \
+	b='test-conf'; \
 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
-uri-test.log: uri-test$(EXEEXT)
-	@p='uri-test$(EXEEXT)'; \
-	b='uri-test'; \
+test-uri.log: test-uri$(EXEEXT)
+	@p='test-uri$(EXEEXT)'; \
+	b='test-uri'; \
 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
-pin-test.log: pin-test$(EXEEXT)
-	@p='pin-test$(EXEEXT)'; \
-	b='pin-test'; \
+test-pin.log: test-pin$(EXEEXT)
+	@p='test-pin$(EXEEXT)'; \
+	b='test-pin'; \
 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
@@ -1109,6 +1127,20 @@ test-modules.log: test-modules$(EXEEXT)
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test-deprecated.log: test-deprecated$(EXEEXT)
+	@p='test-deprecated$(EXEEXT)'; \
+	b='test-deprecated'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test-proxy.log: test-proxy$(EXEEXT)
+	@p='test-proxy$(EXEEXT)'; \
+	b='test-proxy'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 test-iter.log: test-iter$(EXEEXT)
 	@p='test-iter$(EXEEXT)'; \
 	b='test-iter'; \
@@ -1116,6 +1148,27 @@ test-iter.log: test-iter$(EXEEXT)
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test-virtual.log: test-virtual$(EXEEXT)
+	@p='test-virtual$(EXEEXT)'; \
+	b='test-virtual'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test-managed.log: test-managed$(EXEEXT)
+	@p='test-managed$(EXEEXT)'; \
+	b='test-managed'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
+test-log.log: test-log$(EXEEXT)
+	@p='test-log$(EXEEXT)'; \
+	b='test-log'; \
+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+	--log-file $$b.log --trs-file $$b.trs \
+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+	"$$tst" $(AM_TESTS_FD_REDIRECT)
 .test.log:
 	@p='$<'; \
 	$(am__set_b); \
@@ -1294,6 +1347,9 @@ memcheck: all
 leakcheck: all
 	make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS
 
+hellcheck: all
+	make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/p11-kit/tests/files/system-pkcs11.conf b/p11-kit/tests/files/system-pkcs11.conf
index 20741e7..a3aa273 100644
--- a/p11-kit/tests/files/system-pkcs11.conf
+++ b/p11-kit/tests/files/system-pkcs11.conf
@@ -1,3 +1,6 @@
 
 # Merge in user config
-user-config: merge
\ No newline at end of file
+user-config: merge
+
+# Another option
+new: world
\ No newline at end of file
diff --git a/p11-kit/tests/files/user-modules/one.module b/p11-kit/tests/files/user-modules/one.module
index c371e4a..6f1a2e8 100644
--- a/p11-kit/tests/files/user-modules/one.module
+++ b/p11-kit/tests/files/user-modules/one.module
@@ -1,2 +1,3 @@
 
-setting: user1
\ No newline at end of file
+setting: user1
+managed: yes
\ No newline at end of file
diff --git a/p11-kit/tests/conf-test.c b/p11-kit/tests/test-conf.c
similarity index 52%
rename from p11-kit/tests/conf-test.c
rename to p11-kit/tests/test-conf.c
index d259cf8..c214bac 100644
--- a/p11-kit/tests/conf-test.c
+++ b/p11-kit/tests/test-conf.c
@@ -33,7 +33,7 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include 
 #include 
@@ -47,54 +47,54 @@
 #include "private.h"
 
 static void
-test_parse_conf_1 (CuTest *tc)
+test_parse_conf_1 (void)
 {
 	p11_dict *map;
 	const char *value;
 
 	map = _p11_conf_parse_file (SRCDIR "/files/test-1.conf", 0);
-	CuAssertPtrNotNull (tc, map);
+	assert_ptr_not_null (map);
 
 	value = p11_dict_get (map, "key1");
-	CuAssertStrEquals (tc, "value1", value);
+	assert_str_eq ("value1", value);
 
 	value = p11_dict_get (map, "with-colon");
-	CuAssertStrEquals (tc, "value-of-colon", value);
+	assert_str_eq ("value-of-colon", value);
 
 	value = p11_dict_get (map, "with-whitespace");
-	CuAssertStrEquals (tc, "value-with-whitespace", value);
+	assert_str_eq ("value-with-whitespace", value);
 
 	value = p11_dict_get (map, "embedded-comment");
-	CuAssertStrEquals (tc, "this is # not a comment", value);
+	assert_str_eq ("this is # not a comment", value);
 
 	p11_dict_free (map);
 }
 
 static void
-test_parse_ignore_missing (CuTest *tc)
+test_parse_ignore_missing (void)
 {
 	p11_dict *map;
 
 	map = _p11_conf_parse_file (SRCDIR "/files/non-existant.conf", CONF_IGNORE_MISSING);
-	CuAssertPtrNotNull (tc, map);
+	assert_ptr_not_null (map);
 
-	CuAssertIntEquals (tc, 0, p11_dict_size (map));
-	CuAssertPtrEquals (tc, NULL, (void*)p11_message_last ());
+	assert_num_eq (0, p11_dict_size (map));
+	assert (p11_message_last () == NULL);
 	p11_dict_free (map);
 }
 
 static void
-test_parse_fail_missing (CuTest *tc)
+test_parse_fail_missing (void)
 {
 	p11_dict *map;
 
 	map = _p11_conf_parse_file (SRCDIR "/files/non-existant.conf", 0);
-	CuAssertPtrEquals (tc, map, NULL);
-	CuAssertPtrNotNull (tc, p11_message_last ());
+	assert (map == NULL);
+	assert_ptr_not_null (p11_message_last ());
 }
 
 static void
-test_merge_defaults (CuTest *tc)
+test_merge_defaults (void)
 {
 	p11_dict *values;
 	p11_dict *defaults;
@@ -109,19 +109,19 @@ test_merge_defaults (CuTest *tc)
 	p11_dict_set (defaults, strdup ("three"), strdup ("default3"));
 
 	if (!_p11_conf_merge_defaults (values, defaults))
-		CuFail (tc, "should not be reached");
+		assert_not_reached ();
 
 	p11_dict_free (defaults);
 
-	CuAssertStrEquals (tc, p11_dict_get (values, "one"), "real1");
-	CuAssertStrEquals (tc, p11_dict_get (values, "two"), "real2");
-	CuAssertStrEquals (tc, p11_dict_get (values, "three"), "default3");
+	assert_str_eq (p11_dict_get (values, "one"), "real1");
+	assert_str_eq (p11_dict_get (values, "two"), "real2");
+	assert_str_eq (p11_dict_get (values, "three"), "default3");
 
 	p11_dict_free (values);
 }
 
 static void
-test_load_globals_merge (CuTest *tc)
+test_load_globals_merge (void)
 {
 	int user_mode = -1;
 	p11_dict *config;
@@ -131,19 +131,19 @@ test_load_globals_merge (CuTest *tc)
 	config = _p11_conf_load_globals (SRCDIR "/files/test-system-merge.conf",
 	                                 SRCDIR "/files/test-user.conf",
 	                                 &user_mode);
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, NULL, p11_message_last ());
-	CuAssertIntEquals (tc, CONF_USER_MERGE, user_mode);
+	assert_ptr_not_null (config);
+	assert (NULL == p11_message_last ());
+	assert_num_eq (CONF_USER_MERGE, user_mode);
 
-	CuAssertStrEquals (tc, p11_dict_get (config, "key1"), "system1");
-	CuAssertStrEquals (tc, p11_dict_get (config, "key2"), "user2");
-	CuAssertStrEquals (tc, p11_dict_get (config, "key3"), "user3");
+	assert_str_eq (p11_dict_get (config, "key1"), "system1");
+	assert_str_eq (p11_dict_get (config, "key2"), "user2");
+	assert_str_eq (p11_dict_get (config, "key3"), "user3");
 
 	p11_dict_free (config);
 }
 
 static void
-test_load_globals_no_user (CuTest *tc)
+test_load_globals_no_user (void)
 {
 	int user_mode = -1;
 	p11_dict *config;
@@ -153,19 +153,19 @@ test_load_globals_no_user (CuTest *tc)
 	config = _p11_conf_load_globals (SRCDIR "/files/test-system-none.conf",
 	                                 SRCDIR "/files/test-user.conf",
 	                                 &user_mode);
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, NULL, p11_message_last ());
-	CuAssertIntEquals (tc, CONF_USER_NONE, user_mode);
+	assert_ptr_not_null (config);
+	assert (NULL == p11_message_last ());
+	assert_num_eq (CONF_USER_NONE, user_mode);
 
-	CuAssertStrEquals (tc, p11_dict_get (config, "key1"), "system1");
-	CuAssertStrEquals (tc, p11_dict_get (config, "key2"), "system2");
-	CuAssertStrEquals (tc, p11_dict_get (config, "key3"), "system3");
+	assert_str_eq (p11_dict_get (config, "key1"), "system1");
+	assert_str_eq (p11_dict_get (config, "key2"), "system2");
+	assert_str_eq (p11_dict_get (config, "key3"), "system3");
 
 	p11_dict_free (config);
 }
 
 static void
-test_load_globals_user_sets_only (CuTest *tc)
+test_load_globals_user_sets_only (void)
 {
 	int user_mode = -1;
 	p11_dict *config;
@@ -175,19 +175,19 @@ test_load_globals_user_sets_only (CuTest *tc)
 	config = _p11_conf_load_globals (SRCDIR "/files/test-system-merge.conf",
 	                                 SRCDIR "/files/test-user-only.conf",
 	                                 &user_mode);
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, NULL, p11_message_last ());
-	CuAssertIntEquals (tc, CONF_USER_ONLY, user_mode);
+	assert_ptr_not_null (config);
+	assert (NULL == p11_message_last ());
+	assert_num_eq (CONF_USER_ONLY, user_mode);
 
-	CuAssertStrEquals (tc, p11_dict_get (config, "key1"), NULL);
-	CuAssertStrEquals (tc, p11_dict_get (config, "key2"), "user2");
-	CuAssertStrEquals (tc, p11_dict_get (config, "key3"), "user3");
+	assert (p11_dict_get (config, "key1") == NULL);
+	assert_str_eq (p11_dict_get (config, "key2"), "user2");
+	assert_str_eq (p11_dict_get (config, "key3"), "user3");
 
 	p11_dict_free (config);
 }
 
 static void
-test_load_globals_system_sets_only (CuTest *tc)
+test_load_globals_system_sets_only (void)
 {
 	int user_mode = -1;
 	p11_dict *config;
@@ -197,19 +197,19 @@ test_load_globals_system_sets_only (CuTest *tc)
 	config = _p11_conf_load_globals (SRCDIR "/files/test-system-only.conf",
 	                                 SRCDIR "/files/test-user.conf",
 	                                 &user_mode);
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, NULL, p11_message_last ());
-	CuAssertIntEquals (tc, CONF_USER_ONLY, user_mode);
+	assert_ptr_not_null (config);
+	assert (NULL == p11_message_last ());
+	assert_num_eq (CONF_USER_ONLY, user_mode);
 
-	CuAssertStrEquals (tc, p11_dict_get (config, "key1"), NULL);
-	CuAssertStrEquals (tc, p11_dict_get (config, "key2"), "user2");
-	CuAssertStrEquals (tc, p11_dict_get (config, "key3"), "user3");
+	assert (p11_dict_get (config, "key1") == NULL);
+	assert_str_eq (p11_dict_get (config, "key2"), "user2");
+	assert_str_eq (p11_dict_get (config, "key3"), "user3");
 
 	p11_dict_free (config);
 }
 
 static void
-test_load_globals_system_sets_invalid (CuTest *tc)
+test_load_globals_system_sets_invalid (void)
 {
 	int user_mode = -1;
 	p11_dict *config;
@@ -221,15 +221,15 @@ test_load_globals_system_sets_invalid (CuTest *tc)
 	                                 SRCDIR "/files/non-existant.conf",
 	                                 &user_mode);
 	error = errno;
-	CuAssertPtrEquals (tc, NULL, config);
-	CuAssertIntEquals (tc, EINVAL, error);
-	CuAssertPtrNotNull (tc, p11_message_last ());
+	assert_ptr_eq (NULL, config);
+	assert_num_eq (EINVAL, error);
+	assert_ptr_not_null (p11_message_last ());
 
 	p11_dict_free (config);
 }
 
 static void
-test_load_globals_user_sets_invalid (CuTest *tc)
+test_load_globals_user_sets_invalid (void)
 {
 	int user_mode = -1;
 	p11_dict *config;
@@ -241,9 +241,9 @@ test_load_globals_user_sets_invalid (CuTest *tc)
 	                                 SRCDIR "/files/test-user-invalid.conf",
 	                                 &user_mode);
 	error = errno;
-	CuAssertPtrEquals (tc, NULL, config);
-	CuAssertIntEquals (tc, EINVAL, error);
-	CuAssertPtrNotNull (tc, p11_message_last ());
+	assert_ptr_eq (NULL, config);
+	assert_num_eq (EINVAL, error);
+	assert_ptr_not_null (p11_message_last ());
 
 	p11_dict_free (config);
 }
@@ -256,7 +256,7 @@ assert_msg_contains (const char *msg,
 }
 
 static void
-test_load_modules_merge (CuTest *tc)
+test_load_modules_merge (void)
 {
 	p11_dict *configs;
 	p11_dict *config;
@@ -267,29 +267,29 @@ test_load_modules_merge (CuTest *tc)
 	                                  SRCDIR "/files/package-modules",
 	                                  SRCDIR "/files/system-modules",
 	                                  SRCDIR "/files/user-modules");
-	CuAssertPtrNotNull (tc, configs);
-	CuAssertTrue (tc, assert_msg_contains (p11_message_last (), "invalid config filename"));
+	assert_ptr_not_null (configs);
+	assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
 
 	config = p11_dict_get (configs, "one");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-one.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "user1");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "user1");
 
 	config = p11_dict_get (configs, "two.badname");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-two.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "system2");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "system2");
 
 	config = p11_dict_get (configs, "three");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-three.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "user3");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-three.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "user3");
 
 	p11_dict_free (configs);
 }
 
 static void
-test_load_modules_user_none (CuTest *tc)
+test_load_modules_user_none (void)
 {
 	p11_dict *configs;
 	p11_dict *config;
@@ -300,27 +300,27 @@ test_load_modules_user_none (CuTest *tc)
 	                                  SRCDIR "/files/package-modules",
 	                                  SRCDIR "/files/system-modules",
 	                                  SRCDIR "/files/user-modules");
-	CuAssertPtrNotNull (tc, configs);
-	CuAssertTrue (tc, assert_msg_contains (p11_message_last (), "invalid config filename"));
+	assert_ptr_not_null (configs);
+	assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
 
 	config = p11_dict_get (configs, "one");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-one.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "system1");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "system1");
 
 	config = p11_dict_get (configs, "two.badname");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-two.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "system2");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "system2");
 
 	config = p11_dict_get (configs, "three");
-	CuAssertPtrEquals (tc, NULL, config);
+	assert_ptr_eq (NULL, config);
 
 	p11_dict_free (configs);
 }
 
 static void
-test_load_modules_user_only (CuTest *tc)
+test_load_modules_user_only (void)
 {
 	p11_dict *configs;
 	p11_dict *config;
@@ -331,27 +331,27 @@ test_load_modules_user_only (CuTest *tc)
 	                                  SRCDIR "/files/package-modules",
 	                                  SRCDIR "/files/system-modules",
 	                                  SRCDIR "/files/user-modules");
-	CuAssertPtrNotNull (tc, configs);
-	CuAssertPtrEquals (tc, NULL, (void *)p11_message_last ());
+	assert_ptr_not_null (configs);
+	assert_ptr_eq (NULL, (void *)p11_message_last ());
 
 	config = p11_dict_get (configs, "one");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, p11_dict_get (config, "module"), NULL);
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "user1");
+	assert_ptr_not_null (config);
+	assert (p11_dict_get (config, "module") == NULL);
+	assert_str_eq (p11_dict_get (config, "setting"), "user1");
 
 	config = p11_dict_get (configs, "two.badname");
-	CuAssertPtrEquals (tc, NULL, config);
+	assert_ptr_eq (NULL, config);
 
 	config = p11_dict_get (configs, "three");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-three.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "user3");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-three.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "user3");
 
 	p11_dict_free (configs);
 }
 
 static void
-test_load_modules_no_user (CuTest *tc)
+test_load_modules_no_user (void)
 {
 	p11_dict *configs;
 	p11_dict *config;
@@ -362,67 +362,53 @@ test_load_modules_no_user (CuTest *tc)
 	                                  SRCDIR "/files/package-modules",
 	                                  SRCDIR "/files/system-modules",
 	                                  SRCDIR "/files/non-existant");
-	CuAssertPtrNotNull (tc, configs);
-	CuAssertTrue (tc, assert_msg_contains (p11_message_last (), "invalid config filename"));
+	assert_ptr_not_null (configs);
+	assert (assert_msg_contains (p11_message_last (), "invalid config filename"));
 
 	config = p11_dict_get (configs, "one");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-one.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "system1");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-one.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "system1");
 
 	config = p11_dict_get (configs, "two.badname");
-	CuAssertPtrNotNull (tc, config);
-	CuAssertStrEquals (tc, "mock-two.so", p11_dict_get (config, "module"));
-	CuAssertStrEquals (tc, p11_dict_get (config, "setting"), "system2");
+	assert_ptr_not_null (config);
+	assert_str_eq ("mock-two.so", p11_dict_get (config, "module"));
+	assert_str_eq (p11_dict_get (config, "setting"), "system2");
 
 	config = p11_dict_get (configs, "three");
-	CuAssertPtrEquals (tc, NULL, config);
+	assert_ptr_eq (NULL, config);
 
 	p11_dict_free (configs);
 }
 
 static void
-test_parse_boolean (CuTest *tc)
+test_parse_boolean (void)
 {
 	p11_message_quiet ();
 
-	CuAssertIntEquals (tc, true, _p11_conf_parse_boolean ("yes", false));
-	CuAssertIntEquals (tc, false, _p11_conf_parse_boolean ("no", true));
-	CuAssertIntEquals (tc, true, _p11_conf_parse_boolean ("!!!", true));
+	assert_num_eq (true, _p11_conf_parse_boolean ("yes", false));
+	assert_num_eq (false, _p11_conf_parse_boolean ("no", true));
+	assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true));
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_parse_conf_1);
-	SUITE_ADD_TEST (suite, test_parse_ignore_missing);
-	SUITE_ADD_TEST (suite, test_parse_fail_missing);
-	SUITE_ADD_TEST (suite, test_merge_defaults);
-	SUITE_ADD_TEST (suite, test_load_globals_merge);
-	SUITE_ADD_TEST (suite, test_load_globals_no_user);
-	SUITE_ADD_TEST (suite, test_load_globals_system_sets_only);
-	SUITE_ADD_TEST (suite, test_load_globals_user_sets_only);
-	SUITE_ADD_TEST (suite, test_load_globals_system_sets_invalid);
-	SUITE_ADD_TEST (suite, test_load_globals_user_sets_invalid);
-	SUITE_ADD_TEST (suite, test_load_modules_merge);
-	SUITE_ADD_TEST (suite, test_load_modules_no_user);
-	SUITE_ADD_TEST (suite, test_load_modules_user_only);
-	SUITE_ADD_TEST (suite, test_load_modules_user_none);
-	SUITE_ADD_TEST (suite, test_parse_boolean);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-	return ret;
+	p11_test (test_parse_conf_1, "/conf/test_parse_conf_1");
+	p11_test (test_parse_ignore_missing, "/conf/test_parse_ignore_missing");
+	p11_test (test_parse_fail_missing, "/conf/test_parse_fail_missing");
+	p11_test (test_merge_defaults, "/conf/test_merge_defaults");
+	p11_test (test_load_globals_merge, "/conf/test_load_globals_merge");
+	p11_test (test_load_globals_no_user, "/conf/test_load_globals_no_user");
+	p11_test (test_load_globals_system_sets_only, "/conf/test_load_globals_system_sets_only");
+	p11_test (test_load_globals_user_sets_only, "/conf/test_load_globals_user_sets_only");
+	p11_test (test_load_globals_system_sets_invalid, "/conf/test_load_globals_system_sets_invalid");
+	p11_test (test_load_globals_user_sets_invalid, "/conf/test_load_globals_user_sets_invalid");
+	p11_test (test_load_modules_merge, "/conf/test_load_modules_merge");
+	p11_test (test_load_modules_no_user, "/conf/test_load_modules_no_user");
+	p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
+	p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
+	p11_test (test_parse_boolean, "/conf/test_parse_boolean");
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/test-deprecated.c b/p11-kit/tests/test-deprecated.c
new file mode 100644
index 0000000..7ea8260
--- /dev/null
+++ b/p11-kit/tests/test-deprecated.c
@@ -0,0 +1,508 @@
+/*
+ * Copyright (c) 2011, Collabora Ltd.
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#define P11_KIT_NO_DEPRECATIONS
+
+#include "config.h"
+#include "test.h"
+
+#include "dict.h"
+#include "library.h"
+#include "p11-kit.h"
+#include "private.h"
+#include "mock.h"
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static CK_FUNCTION_LIST_PTR_PTR
+initialize_and_get_modules (void)
+{
+	CK_FUNCTION_LIST_PTR_PTR modules;
+	CK_RV rv;
+
+	rv = p11_kit_initialize_registered ();
+	assert_num_eq (CKR_OK, rv);
+	modules = p11_kit_registered_modules ();
+	assert (modules != NULL && modules[0] != NULL);
+
+	return modules;
+}
+
+static void
+finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
+{
+	CK_RV rv;
+
+	free (modules);
+	rv = p11_kit_finalize_registered ();
+	assert_num_eq (CKR_OK, rv);
+
+}
+
+static void
+test_no_duplicates (void)
+{
+	CK_FUNCTION_LIST_PTR_PTR modules;
+	p11_dict *paths;
+	p11_dict *funcs;
+	char *path;
+	int i;
+
+	modules = initialize_and_get_modules ();
+	paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
+	funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
+
+	/* The loaded modules should not contain duplicates */
+	for (i = 0; modules[i] != NULL; i++) {
+		path = p11_kit_registered_option (modules[i], "module");
+
+		if (p11_dict_get (funcs, modules[i]))
+			assert_fail ("found duplicate function list pointer", NULL);
+		if (p11_dict_get (paths, path))
+			assert_fail ("found duplicate path name", NULL);
+
+		if (!p11_dict_set (funcs, modules[i], ""))
+			assert_not_reached ();
+		if (!p11_dict_set (paths, path, ""))
+			assert_not_reached ();
+
+		free (path);
+	}
+
+	p11_dict_free (paths);
+	p11_dict_free (funcs);
+	finalize_and_free_modules (modules);
+}
+
+static CK_FUNCTION_LIST_PTR
+lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
+                         const char *name)
+{
+	CK_FUNCTION_LIST_PTR match = NULL;
+	CK_FUNCTION_LIST_PTR module;
+	char *module_name;
+	int i;
+
+	for (i = 0; match == NULL && modules[i] != NULL; i++) {
+		module_name = p11_kit_registered_module_to_name (modules[i]);
+		assert_ptr_not_null (module_name);
+		if (strcmp (module_name, name) == 0)
+			match = modules[i];
+		free (module_name);
+	}
+
+	/*
+	 * As a side effect, we should check that the results of this function
+	 * matches the above search.
+	 */
+	module = p11_kit_registered_name_to_module (name);
+	if (module != match)
+		assert_fail ("different result from p11_kit_registered_name_to_module()", NULL);
+
+	return match;
+}
+
+static void
+test_disable (void)
+{
+	CK_FUNCTION_LIST_PTR_PTR modules;
+
+	/*
+	 * The module four should be present, as we don't match any prognames
+	 * that it has disabled.
+	 */
+
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "four") != NULL);
+	finalize_and_free_modules (modules);
+
+	/*
+	 * The module two shouldn't have been loaded, because in its config
+	 * file we have:
+	 *
+	 * disable-in: test-disable
+	 */
+
+	p11_kit_set_progname ("test-disable");
+
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "four") == NULL);
+	finalize_and_free_modules (modules);
+
+	p11_kit_set_progname (NULL);
+}
+
+static void
+test_disable_later (void)
+{
+	CK_FUNCTION_LIST_PTR_PTR modules;
+	CK_RV rv;
+
+	/*
+	 * The module two shouldn't be matched, because in its config
+	 * file we have:
+	 *
+	 * disable-in: test-disable
+	 */
+
+	rv = p11_kit_initialize_registered ();
+	assert_num_eq (CKR_OK, rv);
+
+	p11_kit_set_progname ("test-disable");
+
+	modules = p11_kit_registered_modules ();
+	assert (modules != NULL && modules[0] != NULL);
+
+	assert (lookup_module_with_name (modules, "two") == NULL);
+	finalize_and_free_modules (modules);
+
+	p11_kit_set_progname (NULL);
+}
+
+static void
+test_enable (void)
+{
+	CK_FUNCTION_LIST_PTR_PTR modules;
+
+	/*
+	 * The module three should not be present, as we don't match the current
+	 * program.
+	 */
+
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "three") == NULL);
+	finalize_and_free_modules (modules);
+
+	/*
+	 * The module three should be loaded here , because in its config
+	 * file we have:
+	 *
+	 * enable-in: test-enable
+	 */
+
+	p11_kit_set_progname ("test-enable");
+
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "three") != NULL);
+	finalize_and_free_modules (modules);
+
+	p11_kit_set_progname (NULL);
+}
+
+CK_FUNCTION_LIST module;
+
+#ifdef OS_UNIX
+
+#include 
+
+static CK_RV
+mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
+{
+	struct timespec ts = { 0, 100 * 1000 * 1000 };
+	CK_RV rv;
+	pid_t child;
+	pid_t ret;
+	int status;
+
+	rv = mock_C_Initialize (init_args);
+	assert (rv == CKR_OK);
+
+	/* Fork during the initialization */
+	child = fork ();
+	if (child == 0) {
+		nanosleep (&ts, NULL);
+		exit (66);
+	}
+
+	ret = waitpid (child, &status, 0);
+	assert (ret == child);
+	assert (WIFEXITED (status));
+	assert (WEXITSTATUS (status) == 66);
+
+	return CKR_OK;
+}
+
+static void
+test_fork_initialization (void)
+{
+	CK_RV rv;
+
+	assert (!mock_module_initialized ());
+
+	/* Build up our own function list */
+	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+	module.C_Initialize = mock_C_Initialize__with_fork;
+
+	rv = p11_kit_initialize_module (&module);
+	assert (rv == CKR_OK);
+
+	rv = p11_kit_finalize_module (&module);
+	assert (rv == CKR_OK);
+
+	assert (!mock_module_initialized ());
+}
+
+#endif /* OS_UNIX */
+
+static CK_RV
+mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
+{
+	/* Recursively initialize, this is broken */
+	return p11_kit_initialize_module (&module);
+}
+
+static void
+test_recursive_initialization (void)
+{
+	CK_RV rv;
+
+	assert (!mock_module_initialized ());
+
+	/* Build up our own function list */
+	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+	module.C_Initialize = mock_C_Initialize__with_recursive;
+
+	rv = p11_kit_initialize_module (&module);
+	assert (rv == CKR_FUNCTION_FAILED);
+
+	assert (!mock_module_initialized ());
+}
+
+static p11_mutex_t race_mutex;
+static int initialization_count = 0;
+static int finalization_count = 0;
+
+static CK_RV
+mock_C_Initialize__threaded_race (CK_VOID_PTR init_args)
+{
+	/* Atomically increment value */
+	p11_mutex_lock (&race_mutex);
+	initialization_count += 1;
+	p11_mutex_unlock (&race_mutex);
+
+	p11_sleep_ms (100);
+	return CKR_OK;
+}
+
+static CK_RV
+mock_C_Finalize__threaded_race (CK_VOID_PTR reserved)
+{
+	/* Atomically increment value */
+	p11_mutex_lock (&race_mutex);
+	finalization_count += 1;
+	p11_mutex_unlock (&race_mutex);
+
+	p11_sleep_ms (100);
+	return CKR_OK;
+}
+
+static void *
+initialization_thread (void *data)
+{
+	CK_RV rv;
+
+	assert_str_eq (data, "thread-data");
+	rv = p11_kit_initialize_module (&module);
+	assert (rv == CKR_OK);
+
+	return "thread-data";
+}
+
+static void *
+finalization_thread (void *data)
+{
+	CK_RV rv;
+
+	assert_str_eq (data, "thread-data");
+	rv = p11_kit_finalize_module (&module);
+	assert (rv == CKR_OK);
+
+	return "thread-data";
+}
+
+static void
+test_threaded_initialization (void)
+{
+	static const int num_threads = 2;
+	p11_thread_t threads[num_threads];
+	int ret;
+	int i;
+
+	assert (!mock_module_initialized ());
+
+	/* Build up our own function list */
+	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+	module.C_Initialize = mock_C_Initialize__threaded_race;
+	module.C_Finalize = mock_C_Finalize__threaded_race;
+
+	initialization_count = 0;
+	finalization_count = 0;
+
+	for (i = 0; i < num_threads; i++) {
+		ret = p11_thread_create (&threads[i], initialization_thread, "thread-data");
+		assert_num_eq (0, ret);
+		assert (threads[i] != 0);
+	}
+
+	for (i = 0; i < num_threads; i++) {
+		ret = p11_thread_join (threads[i]);
+		assert_num_eq (0, ret);
+		threads[i] = 0;
+	}
+
+	for (i = 0; i < num_threads; i++) {
+		ret = p11_thread_create (&threads[i], finalization_thread, "thread-data");
+		assert_num_eq (0, ret);
+		assert (threads[i] != 0);
+	}
+
+	for (i = 0; i < num_threads; i++) {
+		ret = p11_thread_join (threads[i]);
+		assert_num_eq (0, ret);
+		threads[i] = 0;
+	}
+
+	/* C_Initialize should have been called exactly once */
+	assert_num_eq (1, initialization_count);
+	assert_num_eq (1, finalization_count);
+
+	assert (!mock_module_initialized ());
+}
+
+static CK_RV
+mock_C_Initialize__test_mutexes (CK_VOID_PTR args)
+{
+	CK_C_INITIALIZE_ARGS_PTR init_args;
+	void *mutex = NULL;
+	CK_RV rv;
+
+	rv = mock_C_Initialize (NULL);
+	if (rv != CKR_OK)
+		return rv;
+
+	assert (args != NULL);
+	init_args = args;
+
+	rv = (init_args->CreateMutex) (&mutex);
+	assert (rv == CKR_OK);
+
+	rv = (init_args->LockMutex) (mutex);
+	assert (rv == CKR_OK);
+
+	rv = (init_args->UnlockMutex) (mutex);
+	assert (rv == CKR_OK);
+
+	rv = (init_args->DestroyMutex) (mutex);
+	assert (rv == CKR_OK);
+
+	return CKR_OK;
+}
+
+static void
+test_mutexes (void)
+{
+	CK_RV rv;
+
+	assert (!mock_module_initialized ());
+
+	/* Build up our own function list */
+	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
+	module.C_Initialize = mock_C_Initialize__test_mutexes;
+
+	rv = p11_kit_initialize_module (&module);
+	assert (rv == CKR_OK);
+
+	rv = p11_kit_finalize_module (&module);
+	assert (rv == CKR_OK);
+
+	assert (!mock_module_initialized ());
+}
+
+static void
+test_load_and_initialize (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_INFO info;
+	CK_RV rv;
+	int ret;
+
+	rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module);
+	assert (rv == CKR_OK);
+	assert (module != NULL);
+
+	rv = (module->C_GetInfo) (&info);
+	assert (rv == CKR_OK);
+
+	ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER               ", 32);
+	assert (ret == 0);
+
+	rv = p11_kit_finalize_module (module);
+	assert (ret == CKR_OK);
+}
+
+int
+main (int argc,
+      char *argv[])
+{
+	p11_mutex_init (&race_mutex);
+	mock_module_init ();
+	p11_library_init ();
+
+	p11_test (test_no_duplicates, "/deprecated/test_no_duplicates");
+	p11_test (test_disable, "/deprecated/test_disable");
+	p11_test (test_disable_later, "/deprecated/test_disable_later");
+	p11_test (test_enable, "/deprecated/test_enable");
+
+#ifdef OS_UNIX
+	p11_test (test_fork_initialization, "/deprecated/test_fork_initialization");
+#endif
+
+	p11_test (test_recursive_initialization, "/deprecated/test_recursive_initialization");
+	p11_test (test_threaded_initialization, "/deprecated/test_threaded_initialization");
+	p11_test (test_mutexes, "/deprecated/test_mutexes");
+	p11_test (test_load_and_initialize, "/deprecated/test_load_and_initialize");
+
+	p11_kit_be_quiet ();
+
+	return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/tests/test-init.c b/p11-kit/tests/test-init.c
index 7df4be9..76805ee 100644
--- a/p11-kit/tests/test-init.c
+++ b/p11-kit/tests/test-init.c
@@ -33,11 +33,16 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include 
 
 #include "library.h"
+#include "mock.h"
+#include "modules.h"
+#include "p11-kit.h"
+#include "private.h"
+#include "virtual.h"
 
 #include 
 #include 
@@ -46,11 +51,8 @@
 #include 
 #include 
 
-#include "p11-kit/p11-kit.h"
-
-#include "mock.h"
-
-CK_FUNCTION_LIST module;
+static CK_FUNCTION_LIST module;
+static p11_mutex_t race_mutex;
 
 #ifdef OS_UNIX
 
@@ -84,23 +86,42 @@ mock_C_Initialize__with_fork (CK_VOID_PTR init_args)
 }
 
 static void
-test_fork_initialization (CuTest *tc)
+test_fork_initialization (void)
 {
+	CK_FUNCTION_LIST_PTR result;
 	CK_RV rv;
 
+	mock_module_reset ();
+
 	/* Build up our own function list */
 	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
 	module.C_Initialize = mock_C_Initialize__with_fork;
 
-	rv = p11_kit_initialize_module (&module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	p11_lock ();
+
+	rv = p11_module_load_inlock_reentrant (&module, 0, &result);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+
+	rv = p11_kit_module_initialize (result);
+	assert (rv == CKR_OK);
+
+	rv = p11_kit_module_finalize (result);
+	assert (rv == CKR_OK);
 
-	rv = p11_kit_finalize_module (&module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	p11_lock ();
+
+	rv = p11_module_release_inlock_reentrant (result);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
 }
 
 #endif /* OS_UNIX */
 
+static CK_FUNCTION_LIST *recursive_managed;
+
 static CK_RV
 mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
 {
@@ -109,12 +130,11 @@ mock_C_Initialize__with_recursive (CK_VOID_PTR init_args)
 	rv = mock_C_Initialize (init_args);
 	assert (rv == CKR_OK);
 
-	/* Recursively initialize, this is broken */
-	return p11_kit_initialize_module (&module);
+	return p11_kit_module_initialize (recursive_managed);
 }
 
 static void
-test_recursive_initialization (CuTest *tc)
+test_recursive_initialization (void)
 {
 	CK_RV rv;
 
@@ -122,16 +142,31 @@ test_recursive_initialization (CuTest *tc)
 	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
 	module.C_Initialize = mock_C_Initialize__with_recursive;
 
-	rv = p11_kit_initialize_module (&module);
-	CuAssertTrue (tc, rv == CKR_FUNCTION_FAILED);
+	p11_kit_be_quiet ();
+
+	p11_lock ();
+
+	rv = p11_module_load_inlock_reentrant (&module, 0, &recursive_managed);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+
+	rv = p11_kit_module_initialize (recursive_managed);
+	assert_num_eq (CKR_FUNCTION_FAILED, rv);
+
+	p11_lock ();
+
+	rv = p11_module_release_inlock_reentrant (recursive_managed);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+
+	p11_kit_be_loud ();
 }
 
-static p11_mutex_t race_mutex;
 static int initialization_count = 0;
 static int finalization_count = 0;
 
-#include "private.h"
-
 static CK_RV
 mock_C_Initialize__threaded_race (CK_VOID_PTR init_args)
 {
@@ -159,32 +194,36 @@ mock_C_Finalize__threaded_race (CK_VOID_PTR reserved)
 static void *
 initialization_thread (void *data)
 {
-	CuTest *tc = data;
+	CK_FUNCTION_LIST *module = data;
 	CK_RV rv;
 
-	rv = p11_kit_initialize_module (&module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (module != NULL);
+	rv = p11_kit_module_initialize (module);
+	assert_num_eq (rv, CKR_OK);
 
-	return tc;
+	return module;
 }
 
 static void *
 finalization_thread (void *data)
 {
-	CuTest *tc = data;
+	CK_FUNCTION_LIST *module = data;
 	CK_RV rv;
 
-	rv = p11_kit_finalize_module (&module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (module != NULL);
+	rv = p11_kit_module_finalize (module);
+	assert_num_eq (rv, CKR_OK);
 
-	return tc;
+	return module;
 }
 
 static void
-test_threaded_initialization (CuTest *tc)
+test_threaded_initialization (void)
 {
-	static const int num_threads = 2;
+	static const int num_threads = 1;
+	CK_FUNCTION_LIST *data[num_threads];
 	p11_thread_t threads[num_threads];
+	CK_RV rv;
 	int ret;
 	int i;
 
@@ -193,36 +232,57 @@ test_threaded_initialization (CuTest *tc)
 	module.C_Initialize = mock_C_Initialize__threaded_race;
 	module.C_Finalize = mock_C_Finalize__threaded_race;
 
+	memset (&data, 0, sizeof (data));
 	initialization_count = 0;
 	finalization_count = 0;
 
+	p11_lock ();
+
+	for (i = 0; i < num_threads; i++) {
+		assert (data[i] == NULL);
+		rv = p11_module_load_inlock_reentrant (&module, 0, &data[i]);
+		assert (rv == CKR_OK);
+	}
+
+	p11_unlock ();
+
 	for (i = 0; i < num_threads; i++) {
-		ret = p11_thread_create (&threads[i], initialization_thread, tc);
-		CuAssertIntEquals (tc, 0, ret);
-		CuAssertTrue (tc, threads[i] != 0);
+		ret = p11_thread_create (&threads[i], initialization_thread, data[i]);
+		assert_num_eq (0, ret);
+		assert (threads[i] != 0);
 	}
 
 	for (i = 0; i < num_threads; i++) {
 		ret = p11_thread_join (threads[i]);
-		CuAssertIntEquals (tc, 0, ret);
+		assert_num_eq (0, ret);
 		threads[i] = 0;
 	}
 
 	for (i = 0; i < num_threads; i++) {
-		ret = p11_thread_create (&threads[i], finalization_thread, tc);
-		CuAssertIntEquals (tc, 0, ret);
-		CuAssertTrue (tc, threads[i] != 0);
+		ret = p11_thread_create (&threads[i], finalization_thread, data[i]);
+		assert_num_eq (0, ret);
+		assert (threads[i] != 0);
 	}
 
 	for (i = 0; i < num_threads; i++) {
 		ret = p11_thread_join (threads[i]);
-		CuAssertIntEquals (tc, 0, ret);
+		assert_num_eq (0, ret);
 		threads[i] = 0;
 	}
 
+	p11_lock ();
+
+	for (i = 0; i < num_threads; i++) {
+		assert (data[i] != NULL);
+		rv = p11_module_release_inlock_reentrant (data[i]);
+		assert (rv == CKR_OK);
+	}
+
+	p11_unlock ();
+
 	/* C_Initialize should have been called exactly once */
-	CuAssertIntEquals (tc, 1, initialization_count);
-	CuAssertIntEquals (tc, 1, finalization_count);
+	assert_num_eq (1, initialization_count);
+	assert_num_eq (1, finalization_count);
 }
 
 static CK_RV
@@ -251,71 +311,106 @@ mock_C_Initialize__test_mutexes (CK_VOID_PTR args)
 }
 
 static void
-test_mutexes (CuTest *tc)
+test_mutexes (void)
 {
+	CK_FUNCTION_LIST_PTR result;
 	CK_RV rv;
 
 	/* Build up our own function list */
 	memcpy (&module, &mock_module_no_slots, sizeof (CK_FUNCTION_LIST));
 	module.C_Initialize = mock_C_Initialize__test_mutexes;
 
-	rv = p11_kit_initialize_module (&module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	p11_lock ();
+
+	rv = p11_module_load_inlock_reentrant (&module, 0, &result);
+	assert (rv == CKR_OK);
+
+	rv = p11_module_release_inlock_reentrant (result);
+	assert (rv == CKR_OK);
 
-	rv = p11_kit_finalize_module (&module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	p11_unlock ();
 }
 
 static void
-test_load_and_initialize (CuTest *tc)
+test_load_and_initialize (void)
 {
 	CK_FUNCTION_LIST_PTR module;
 	CK_INFO info;
 	CK_RV rv;
 	int ret;
 
-	rv = p11_kit_load_initialize_module (BUILDDIR "/.libs/mock-one" SHLEXT, &module);
-	CuAssertTrue (tc, rv == CKR_OK);
-	CuAssertTrue (tc, module != NULL);
+	module = p11_kit_module_load (BUILDDIR "/.libs/mock-one" SHLEXT, 0);
+	assert (module != NULL);
+
+	rv = p11_kit_module_initialize (module);
+	assert (rv == CKR_OK);
 
 	rv = (module->C_GetInfo) (&info);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	ret = memcmp (info.manufacturerID, "MOCK MANUFACTURER               ", 32);
-	CuAssertTrue (tc, ret == 0);
+	assert (ret == 0);
 
-	rv = p11_kit_finalize_module (module);
-	CuAssertTrue (tc, ret == CKR_OK);
+	rv = p11_kit_module_finalize (module);
+	assert (rv == CKR_OK);
+
+	p11_kit_module_release (module);
 }
 
-int
-main (void)
+static void
+test_initalize_fail (void)
+{
+	CK_FUNCTION_LIST failer;
+	CK_FUNCTION_LIST *modules[3] = { &mock_module_no_slots, &failer, NULL };
+	CK_RV rv;
+
+	memcpy (&failer, &mock_module, sizeof (CK_FUNCTION_LIST));
+	failer.C_Initialize = mock_C_Initialize__fails;
+
+	mock_module_reset ();
+	p11_kit_be_quiet ();
+
+	rv = p11_kit_modules_initialize (modules, NULL);
+	assert_num_eq (CKR_FUNCTION_FAILED, rv);
+
+	p11_kit_be_loud ();
+
+	/* Failed modules get removed from the list */
+	assert_ptr_eq (&mock_module_no_slots, modules[0]);
+	assert_ptr_eq (NULL, modules[1]);
+	assert_ptr_eq (NULL, modules[2]);
+
+	p11_kit_modules_finalize (modules);
+}
+
+static void
+test_finalize_fail (void)
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
 
-	putenv ("P11_KIT_STRICT=1");
+}
+
+int
+main (int argc,
+      char *argv[])
+{
 	p11_mutex_init (&race_mutex);
 	mock_module_init ();
 	p11_library_init ();
 
+	/* These only work when managed */
+	if (p11_virtual_can_wrap ()) {
+		p11_test (test_recursive_initialization, "/init/test_recursive_initialization");
+		p11_test (test_threaded_initialization, "/init/test_threaded_initialization");
+		p11_test (test_mutexes, "/init/test_mutexes");
+		p11_test (test_load_and_initialize, "/init/test_load_and_initialize");
+
 #ifdef OS_UNIX
-	SUITE_ADD_TEST (suite, test_fork_initialization);
+		p11_test (test_fork_initialization, "/init/test_fork_initialization");
 #endif
+	}
 
-	SUITE_ADD_TEST (suite, test_recursive_initialization);
-	SUITE_ADD_TEST (suite, test_threaded_initialization);
-	SUITE_ADD_TEST (suite, test_mutexes);
-	SUITE_ADD_TEST (suite, test_load_and_initialize);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
+	p11_test (test_initalize_fail, "/init/test_initalize_fail");
+	p11_test (test_finalize_fail, "/init/test_finalize_fail");
 
-	return ret;
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/test-iter.c b/p11-kit/tests/test-iter.c
index 08e43b3..18b5ed6 100644
--- a/p11-kit/tests/test-iter.c
+++ b/p11-kit/tests/test-iter.c
@@ -33,7 +33,7 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #define P11_KIT_FUTURE_UNSTABLE_API 1
 
@@ -49,17 +49,14 @@
 #include 
 
 static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (CuTest *tc)
+initialize_and_get_modules (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
-	CK_RV rv;
 
 	p11_message_quiet ();
 
-	rv = p11_kit_initialize_registered ();
-	CuAssertIntEquals (tc, CKR_OK, rv);
-	modules = p11_kit_registered_modules ();
-	CuAssertTrue (tc, modules != NULL && modules[0] != NULL);
+	modules = p11_kit_modules_load_and_initialize (0);
+	assert (modules != NULL && modules[0] != NULL);
 
 	p11_message_loud ();
 
@@ -67,14 +64,10 @@ initialize_and_get_modules (CuTest *tc)
 }
 
 static void
-finalize_and_free_modules (CuTest *tc,
-                           CK_FUNCTION_LIST_PTR_PTR modules)
+finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
 {
-	CK_RV rv;
-
-	free (modules);
-	rv = p11_kit_finalize_registered ();
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	p11_kit_modules_finalize (modules);
+	p11_kit_modules_release (modules);
 }
 
 static int
@@ -93,7 +86,7 @@ has_handle (CK_ULONG *objects,
 
 
 static void
-test_all (CuTest *tc)
+test_all (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_FUNCTION_LIST_PTR *modules;
@@ -104,59 +97,60 @@ test_all (CuTest *tc)
 	CK_RV rv;
 	int at;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_begin (iter, modules);
 
 	at = 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 
 		module = p11_kit_iter_get_module (iter);
-		CuAssertPtrNotNull (tc, module);
+		assert_ptr_not_null (module);
 
 		session = p11_kit_iter_get_session (iter);
-		CuAssertTrue (tc, session != 0);
+		assert (session != 0);
 
 		/* Do something with the object */
 		size = 0;
 		rv = (module->C_GetObjectSize) (session, objects[at], &size);
-		CuAssertTrue (tc, rv == CKR_OK);
-		CuAssertTrue (tc, size > 0);
+		assert (rv == CKR_OK);
+		assert (size > 0);
 
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 9, at);
+	assert_num_eq (9, at);
 
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static CK_RV
 on_iter_callback (P11KitIter *iter,
-                      CK_BBOOL *matches,
-                      void *data)
+                  CK_BBOOL *matches,
+                  void *data)
 {
-	CuTest *tc = data;
 	CK_OBJECT_HANDLE object;
 	CK_FUNCTION_LIST_PTR module;
 	CK_SESSION_HANDLE session;
 	CK_ULONG size;
 	CK_RV rv;
 
+	assert_str_eq (data, "callback");
+
 	object = p11_kit_iter_get_object (iter);
 	if (object != MOCK_PUBLIC_KEY_CAPITALIZE && object != MOCK_PUBLIC_KEY_PREFIX) {
 		*matches = CK_FALSE;
@@ -164,22 +158,22 @@ on_iter_callback (P11KitIter *iter,
 	}
 
 	module = p11_kit_iter_get_module (iter);
-	CuAssertPtrNotNull (tc, module);
+	assert_ptr_not_null (module);
 
 	session = p11_kit_iter_get_session (iter);
-	CuAssertTrue (tc, session != 0);
+	assert (session != 0);
 
 	/* Do something with the object */
 	size = 0;
 	rv = (module->C_GetObjectSize) (session, object, &size);
-	CuAssertTrue (tc, rv == CKR_OK);
-	CuAssertTrue (tc, size > 0);
+	assert (rv == CKR_OK);
+	assert (size > 0);
 
 	return CKR_OK;
 }
 
 static void
-test_callback (CuTest *tc)
+test_callback (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_FUNCTION_LIST_PTR *modules;
@@ -187,33 +181,33 @@ test_callback (CuTest *tc)
 	CK_RV rv;
 	int at;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	iter = p11_kit_iter_new (NULL);
-	p11_kit_iter_add_callback (iter, on_iter_callback, tc, NULL);
+	p11_kit_iter_add_callback (iter, on_iter_callback, "callback", NULL);
 	p11_kit_iter_begin (iter, modules);
 
 	at= 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 2 public keys */
-	CuAssertIntEquals (tc, 6, at);
+	assert_num_eq (6, at);
 
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (!has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static CK_RV
@@ -225,30 +219,30 @@ on_callback_fail (P11KitIter *iter,
 }
 
 static void
-test_callback_fails (CuTest *tc)
+test_callback_fails (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
 	CK_RV rv;
 	int at;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	iter = p11_kit_iter_new (NULL);
-	p11_kit_iter_add_callback (iter, on_callback_fail, tc, NULL);
+	p11_kit_iter_add_callback (iter, on_callback_fail, "callback", NULL);
 	p11_kit_iter_begin (iter, modules);
 
 	at= 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		at++;
 
-	CuAssertTrue (tc, rv == CKR_DATA_INVALID);
+	assert (rv == CKR_DATA_INVALID);
 
 	/* Shouldn't have succeeded at all */
-	CuAssertIntEquals (tc, 0, at);
+	assert_num_eq (0, at);
 
 	p11_kit_iter_free (iter);
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
@@ -259,7 +253,7 @@ on_destroy_increment (void *data)
 }
 
 static void
-test_callback_destroyer (CuTest *tc)
+test_callback_destroyer (void)
 {
 	P11KitIter *iter;
 	int value = 1;
@@ -268,11 +262,11 @@ test_callback_destroyer (CuTest *tc)
 	p11_kit_iter_add_callback (iter, on_callback_fail, &value, on_destroy_increment);
 	p11_kit_iter_free (iter);
 
-	CuAssertIntEquals (tc, 2, value);
+	assert_num_eq (2, value);
 }
 
 static void
-test_with_session (CuTest *tc)
+test_with_session (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_SESSION_HANDLE session;
@@ -282,53 +276,54 @@ test_with_session (CuTest *tc)
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	rv = mock_C_OpenSession (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_begin_with (iter, &mock_module, 0, session);
 
 	at= 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 
 		slot = p11_kit_iter_get_slot (iter);
-		CuAssertTrue (tc, slot == MOCK_SLOT_ONE_ID);
+		assert (slot == MOCK_SLOT_ONE_ID);
 
 		module = p11_kit_iter_get_module (iter);
-		CuAssertPtrEquals (tc, module, &mock_module);
+		assert_ptr_eq (module, &mock_module);
 
-		CuAssertTrue (tc, session == p11_kit_iter_get_session (iter));
+		assert (session == p11_kit_iter_get_session (iter));
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* 1 modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 3, at);
+	assert_num_eq (3, at);
 
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
 	/* The session is still valid ... */
 	rv = mock_module.C_CloseSession (session);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_with_slot (CuTest *tc)
+test_with_slot (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_FUNCTION_LIST_PTR module;
@@ -337,44 +332,45 @@ test_with_slot (CuTest *tc)
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_begin_with (iter, &mock_module, MOCK_SLOT_ONE_ID, 0);
 
 	at= 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 
 		slot = p11_kit_iter_get_slot (iter);
-		CuAssertTrue (tc, slot == MOCK_SLOT_ONE_ID);
+		assert (slot == MOCK_SLOT_ONE_ID);
 
 		module = p11_kit_iter_get_module (iter);
-		CuAssertPtrEquals (tc, module, &mock_module);
+		assert_ptr_eq (module, &mock_module);
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* 1 modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 3, at);
+	assert_num_eq (3, at);
 
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = (mock_module.C_Finalize) (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_with_module (CuTest *tc)
+test_with_module (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_FUNCTION_LIST_PTR module;
@@ -382,68 +378,70 @@ test_with_module (CuTest *tc)
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_begin_with (iter, &mock_module, 0, 0);
 
 	at= 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 
 		module = p11_kit_iter_get_module (iter);
-		CuAssertPtrEquals (tc, module, &mock_module);
+		assert_ptr_eq (module, &mock_module);
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* 1 modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 3, at);
+	assert_num_eq (3, at);
 
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_keep_session (CuTest *tc)
+test_keep_session (void)
 {
 	CK_SESSION_HANDLE session;
 	P11KitIter *iter;
 	CK_RV rv;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_begin_with (iter, &mock_module, 0, 0);
 
 	rv = p11_kit_iter_next (iter);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	session = p11_kit_iter_keep_session (iter);
 	p11_kit_iter_free (iter);
 
 	/* The session is still valid ... */
 	rv = mock_module.C_CloseSession (session);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_unrecognized (CuTest *tc)
+test_unrecognized (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
@@ -451,7 +449,7 @@ test_unrecognized (CuTest *tc)
 	CK_RV rv;
 	int count;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	uri = p11_kit_uri_new ();
 	p11_kit_uri_set_unrecognized (uri, 1);
@@ -464,18 +462,18 @@ test_unrecognized (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		count++;
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Nothing should have matched */
-	CuAssertIntEquals (tc, 0, count);
+	assert_num_eq (0, count);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_uri_with_type (CuTest *tc)
+test_uri_with_type (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_FUNCTION_LIST_PTR *modules;
@@ -485,11 +483,11 @@ test_uri_with_type (CuTest *tc)
 	int at;
 	int ret;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	uri = p11_kit_uri_new ();
 	ret = p11_kit_uri_parse ("pkcs11:object-type=public", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, ret, P11_KIT_URI_OK);
+	assert_num_eq (ret, P11_KIT_URI_OK);
 
 	iter = p11_kit_iter_new (uri);
 	p11_kit_uri_free (uri);
@@ -498,29 +496,29 @@ test_uri_with_type (CuTest *tc)
 
 	at = 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 2 public keys */
-	CuAssertIntEquals (tc, 6, at);
+	assert_num_eq (6, at);
 
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (!has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_filter (CuTest *tc)
+test_filter (void)
 {
 	CK_OBJECT_HANDLE objects[128];
 	CK_FUNCTION_LIST_PTR *modules;
@@ -535,7 +533,7 @@ test_filter (CuTest *tc)
 		{ CKA_CLASS, &public_key, sizeof (public_key) },
 	};
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_add_filter (iter, attrs, 2);
@@ -544,29 +542,29 @@ test_filter (CuTest *tc)
 
 	at = 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
-		CuAssertTrue (tc, at < 128);
+		assert (at < 128);
 		objects[at] = p11_kit_iter_get_object (iter);
 		at++;
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 2 public keys */
-	CuAssertIntEquals (tc, 6, at);
+	assert_num_eq (6, at);
 
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_DATA_OBJECT));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
-	CuAssertTrue (tc, !has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
-	CuAssertTrue (tc, has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
+	assert (!has_handle (objects, at, MOCK_DATA_OBJECT));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_CAPITALIZE));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_CAPITALIZE));
+	assert (!has_handle (objects, at, MOCK_PRIVATE_KEY_PREFIX));
+	assert (has_handle (objects, at, MOCK_PUBLIC_KEY_PREFIX));
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_session_flags (CuTest *tc)
+test_session_flags (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	CK_FUNCTION_LIST_PTR module;
@@ -575,7 +573,7 @@ test_session_flags (CuTest *tc)
 	P11KitIter *iter;
 	CK_RV rv;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_set_session_flags (iter, CKF_RW_SESSION);
@@ -584,26 +582,26 @@ test_session_flags (CuTest *tc)
 
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		module = p11_kit_iter_get_module (iter);
-		CuAssertPtrNotNull (tc, module);
+		assert_ptr_not_null (module);
 
 		session = p11_kit_iter_get_session (iter);
-		CuAssertTrue (tc, session != 0);
+		assert (session != 0);
 
 		rv = (module->C_GetSessionInfo) (session, &info);
-		CuAssertTrue (tc, rv == CKR_OK);
+		assert (rv == CKR_OK);
 
-		CuAssertIntEquals (tc, CKS_RW_PUBLIC_SESSION, info.state);
+		assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state);
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_module_match (CuTest *tc)
+test_module_match (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
@@ -612,11 +610,11 @@ test_module_match (CuTest *tc)
 	int count;
 	int ret;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	uri = p11_kit_uri_new ();
 	ret = p11_kit_uri_parse ("pkcs11:library-description=MOCK%20LIBRARY", P11_KIT_URI_FOR_MODULE, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	iter = p11_kit_iter_new (uri);
 	p11_kit_uri_free (uri);
@@ -627,18 +625,18 @@ test_module_match (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		count++;
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 9, count);
+	assert_num_eq (9, count);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_module_mismatch (CuTest *tc)
+test_module_mismatch (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
@@ -647,11 +645,11 @@ test_module_mismatch (CuTest *tc)
 	int count;
 	int ret;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	uri = p11_kit_uri_new ();
 	ret = p11_kit_uri_parse ("pkcs11:library-description=blah", P11_KIT_URI_FOR_MODULE, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	iter = p11_kit_iter_new (uri);
 	p11_kit_uri_free (uri);
@@ -662,18 +660,18 @@ test_module_mismatch (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		count++;
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Nothing should have matched */
-	CuAssertIntEquals (tc, 0, count);
+	assert_num_eq (0, count);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_token_match (CuTest *tc)
+test_token_match (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
@@ -682,11 +680,11 @@ test_token_match (CuTest *tc)
 	int count;
 	int ret;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	uri = p11_kit_uri_new ();
 	ret = p11_kit_uri_parse ("pkcs11:manufacturer=TEST%20MANUFACTURER", P11_KIT_URI_FOR_TOKEN, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	iter = p11_kit_iter_new (uri);
 	p11_kit_uri_free (uri);
@@ -697,18 +695,18 @@ test_token_match (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		count++;
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 9, count);
+	assert_num_eq (9, count);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_token_mismatch (CuTest *tc)
+test_token_mismatch (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
@@ -717,11 +715,11 @@ test_token_mismatch (CuTest *tc)
 	int count;
 	int ret;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	uri = p11_kit_uri_new ();
 	ret = p11_kit_uri_parse ("pkcs11:manufacturer=blah", P11_KIT_URI_FOR_TOKEN, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	iter = p11_kit_iter_new (uri);
 	p11_kit_uri_free (uri);
@@ -732,26 +730,27 @@ test_token_mismatch (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		count++;
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Nothing should have matched */
-	CuAssertIntEquals (tc, 0, count);
+	assert_num_eq (0, count);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_getslotlist_fail_first (CuTest *tc)
+test_getslotlist_fail_first (void)
 {
 	CK_FUNCTION_LIST module;
 	P11KitIter *iter;
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_GetSlotList = mock_C_GetSlotList__fail_first;
@@ -763,27 +762,28 @@ test_getslotlist_fail_first (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		at++;
 
-	CuAssertTrue (tc, rv == CKR_VENDOR_DEFINED);
+	assert (rv == CKR_VENDOR_DEFINED);
 
 	/* Should fail on the first iteration */
-	CuAssertIntEquals (tc, 0, at);
+	assert_num_eq (0, at);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_getslotlist_fail_late (CuTest *tc)
+test_getslotlist_fail_late (void)
 {
 	CK_FUNCTION_LIST module;
 	P11KitIter *iter;
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_GetSlotList = mock_C_GetSlotList__fail_late;
@@ -795,27 +795,28 @@ test_getslotlist_fail_late (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		at++;
 
-	CuAssertTrue (tc, rv == CKR_VENDOR_DEFINED);
+	assert (rv == CKR_VENDOR_DEFINED);
 
 	/* Should fail on the first iteration */
-	CuAssertIntEquals (tc, 0, at);
+	assert_num_eq (0, at);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_open_session_fail (CuTest *tc)
+test_open_session_fail (void)
 {
 	CK_FUNCTION_LIST module;
 	P11KitIter *iter;
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_OpenSession = mock_C_OpenSession__fails;
@@ -827,27 +828,28 @@ test_open_session_fail (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		at++;
 
-	CuAssertTrue (tc, rv == CKR_DEVICE_ERROR);
+	assert (rv == CKR_DEVICE_ERROR);
 
 	/* Should fail on the first iteration */
-	CuAssertIntEquals (tc, 0, at);
+	assert_num_eq (0, at);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_find_init_fail (CuTest *tc)
+test_find_init_fail (void)
 {
 	CK_FUNCTION_LIST module;
 	P11KitIter *iter;
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_FindObjectsInit = mock_C_FindObjectsInit__fails;
@@ -859,27 +861,28 @@ test_find_init_fail (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		at++;
 
-	CuAssertTrue (tc, rv == CKR_DEVICE_MEMORY);
+	assert (rv == CKR_DEVICE_MEMORY);
 
 	/* Should fail on the first iteration */
-	CuAssertIntEquals (tc, 0, at);
+	assert_num_eq (0, at);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_find_objects_fail (CuTest *tc)
+test_find_objects_fail (void)
 {
 	CK_FUNCTION_LIST module;
 	P11KitIter *iter;
 	CK_RV rv;
 	int at;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_FindObjects = mock_C_FindObjects__fails;
@@ -891,19 +894,19 @@ test_find_objects_fail (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK)
 		at++;
 
-	CuAssertTrue (tc, rv == CKR_DEVICE_REMOVED);
+	assert (rv == CKR_DEVICE_REMOVED);
 
 	/* Should fail on the first iteration */
-	CuAssertIntEquals (tc, 0, at);
+	assert_num_eq (0, at);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_load_attributes (CuTest *tc)
+test_load_attributes (void)
 {
 	CK_FUNCTION_LIST_PTR *modules;
 	P11KitIter *iter;
@@ -918,7 +921,7 @@ test_load_attributes (CuTest *tc)
 		{ CKA_LABEL },
 	};
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	iter = p11_kit_iter_new (NULL);
 	p11_kit_iter_begin (iter, modules);
@@ -928,24 +931,24 @@ test_load_attributes (CuTest *tc)
 	at = 0;
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		rv = p11_kit_iter_load_attributes (iter, attrs, 2);
-		CuAssertTrue (tc, rv == CKR_OK);
+		assert (rv == CKR_OK);
 
 		object = p11_kit_iter_get_object (iter);
 		switch (object) {
 		case MOCK_DATA_OBJECT:
-			CuAssertTrue (tc, p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA);
-			CuAssertTrue (tc, p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1));
+			assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_DATA);
+			assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "TEST LABEL", -1));
 			break;
 		case MOCK_PUBLIC_KEY_CAPITALIZE:
-			CuAssertTrue (tc, p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
-			CuAssertTrue (tc, p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1));
+			assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
+			assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public Capitalize Key", -1));
 			break;
 		case MOCK_PUBLIC_KEY_PREFIX:
-			CuAssertTrue (tc, p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
-			CuAssertTrue (tc, p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1));
+			assert (p11_attrs_find_ulong (attrs, CKA_CLASS, &ulong) && ulong == CKO_PUBLIC_KEY);
+			assert (p11_attr_match_value (p11_attrs_find (attrs, CKA_LABEL), "Public prefix key", -1));
 			break;
 		default:
-			CuFail (tc, "Unknown object matched");
+			assert_fail ("Unknown object matched", NULL);
 			break;
 		}
 
@@ -954,26 +957,27 @@ test_load_attributes (CuTest *tc)
 
 	p11_attrs_free (attrs);
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	/* Three modules, each with 1 slot, and 3 public objects */
-	CuAssertIntEquals (tc, 9, at);
+	assert_num_eq (9, at);
 
 	p11_kit_iter_free (iter);
 
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static void
-test_load_attributes_none (CuTest *tc)
+test_load_attributes_none (void)
 {
 	CK_FUNCTION_LIST module;
 	P11KitIter *iter;
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 
@@ -983,20 +987,20 @@ test_load_attributes_none (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		attrs = p11_attrs_buildn (NULL, NULL, 0);
 		rv = p11_kit_iter_load_attributes (iter, attrs, 0);
-		CuAssertTrue (tc, rv == CKR_OK);
+		assert (rv == CKR_OK);
 		p11_attrs_free (attrs);
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_load_attributes_fail_first (CuTest *tc)
+test_load_attributes_fail_first (void)
 {
 	CK_ATTRIBUTE label = { CKA_LABEL, };
 	CK_FUNCTION_LIST module;
@@ -1004,8 +1008,9 @@ test_load_attributes_fail_first (CuTest *tc)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_first;
@@ -1016,20 +1021,20 @@ test_load_attributes_fail_first (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		attrs = p11_attrs_build (NULL, &label, NULL);
 		rv = p11_kit_iter_load_attributes (iter, attrs, 1);
-		CuAssertTrue (tc, rv == CKR_FUNCTION_REJECTED);
+		assert (rv == CKR_FUNCTION_REJECTED);
 		p11_attrs_free (attrs);
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_load_attributes_fail_late (CuTest *tc)
+test_load_attributes_fail_late (void)
 {
 	CK_ATTRIBUTE label = { CKA_LABEL, };
 	CK_FUNCTION_LIST module;
@@ -1037,8 +1042,9 @@ test_load_attributes_fail_late (CuTest *tc)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	rv = p11_kit_initialize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	mock_module_reset ();
+	rv = mock_module.C_Initialize (NULL);
+	assert (rv == CKR_OK);
 
 	memcpy (&module, &mock_module, sizeof (CK_FUNCTION_LIST));
 	module.C_GetAttributeValue = mock_C_GetAttributeValue__fail_late;
@@ -1049,61 +1055,50 @@ test_load_attributes_fail_late (CuTest *tc)
 	while ((rv = p11_kit_iter_next (iter)) == CKR_OK) {
 		attrs = p11_attrs_build (NULL, &label, NULL);
 		rv = p11_kit_iter_load_attributes (iter, attrs, 1);
-		CuAssertTrue (tc, rv == CKR_FUNCTION_FAILED);
+		assert (rv == CKR_FUNCTION_FAILED);
 		p11_attrs_free (attrs);
 	}
 
-	CuAssertTrue (tc, rv == CKR_CANCEL);
+	assert (rv == CKR_CANCEL);
 
 	p11_kit_iter_free (iter);
 
-	rv = p11_kit_finalize_module (&mock_module);
-	CuAssertTrue (tc, rv == CKR_OK);
+	rv = mock_module.C_Finalize (NULL);
+	assert (rv == CKR_OK);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	p11_library_init ();
 	mock_module_init ();
 
-	SUITE_ADD_TEST (suite, test_all);
-	SUITE_ADD_TEST (suite, test_unrecognized);
-	SUITE_ADD_TEST (suite, test_uri_with_type);
-	SUITE_ADD_TEST (suite, test_session_flags);
-	SUITE_ADD_TEST (suite, test_callback);
-	SUITE_ADD_TEST (suite, test_callback_fails);
-	SUITE_ADD_TEST (suite, test_callback_destroyer);
-	SUITE_ADD_TEST (suite, test_filter);
-	SUITE_ADD_TEST (suite, test_with_session);
-	SUITE_ADD_TEST (suite, test_with_slot);
-	SUITE_ADD_TEST (suite, test_with_module);
-	SUITE_ADD_TEST (suite, test_keep_session);
-	SUITE_ADD_TEST (suite, test_token_match);
-	SUITE_ADD_TEST (suite, test_token_mismatch);
-	SUITE_ADD_TEST (suite, test_module_match);
-	SUITE_ADD_TEST (suite, test_module_mismatch);
-	SUITE_ADD_TEST (suite, test_getslotlist_fail_first);
-	SUITE_ADD_TEST (suite, test_getslotlist_fail_late);
-	SUITE_ADD_TEST (suite, test_open_session_fail);
-	SUITE_ADD_TEST (suite, test_find_init_fail);
-	SUITE_ADD_TEST (suite, test_find_objects_fail);
-	SUITE_ADD_TEST (suite, test_load_attributes);
-	SUITE_ADD_TEST (suite, test_load_attributes_none);
-	SUITE_ADD_TEST (suite, test_load_attributes_fail_first);
-	SUITE_ADD_TEST (suite, test_load_attributes_fail_late);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-	return ret;
+	p11_test (test_all, "/iter/test_all");
+	p11_test (test_unrecognized, "/iter/test_unrecognized");
+	p11_test (test_uri_with_type, "/iter/test_uri_with_type");
+	p11_test (test_session_flags, "/iter/test_session_flags");
+	p11_test (test_callback, "/iter/test_callback");
+	p11_test (test_callback_fails, "/iter/test_callback_fails");
+	p11_test (test_callback_destroyer, "/iter/test_callback_destroyer");
+	p11_test (test_filter, "/iter/test_filter");
+	p11_test (test_with_session, "/iter/test_with_session");
+	p11_test (test_with_slot, "/iter/test_with_slot");
+	p11_test (test_with_module, "/iter/test_with_module");
+	p11_test (test_keep_session, "/iter/test_keep_session");
+	p11_test (test_token_match, "/iter/test_token_match");
+	p11_test (test_token_mismatch, "/iter/test_token_mismatch");
+	p11_test (test_module_match, "/iter/test_module_match");
+	p11_test (test_module_mismatch, "/iter/test_module_mismatch");
+	p11_test (test_getslotlist_fail_first, "/iter/test_getslotlist_fail_first");
+	p11_test (test_getslotlist_fail_late, "/iter/test_getslotlist_fail_late");
+	p11_test (test_open_session_fail, "/iter/test_open_session_fail");
+	p11_test (test_find_init_fail, "/iter/test_find_init_fail");
+	p11_test (test_find_objects_fail, "/iter/test_find_objects_fail");
+	p11_test (test_load_attributes, "/iter/test_load_attributes");
+	p11_test (test_load_attributes_none, "/iter/test_load_attributes_none");
+	p11_test (test_load_attributes_fail_first, "/iter/test_load_attributes_fail_first");
+	p11_test (test_load_attributes_fail_late, "/iter/test_load_attributes_fail_late");
+
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/test-log.c b/p11-kit/tests/test-log.c
new file mode 100644
index 0000000..e7dab70
--- /dev/null
+++ b/p11-kit/tests/test-log.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "dict.h"
+#include "library.h"
+#include "log.h"
+#include "mock.h"
+#include "modules.h"
+#include "p11-kit.h"
+#include "virtual.h"
+
+#include 
+#include 
+#include 
+#include 
+
+static CK_FUNCTION_LIST_PTR
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_RV rv;
+
+	p11_lock ();
+	p11_log_force = true;
+
+	rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
+	assert (rv == CKR_OK);
+	assert_ptr_not_null (module);
+	assert (p11_virtual_is_wrapper (module));
+
+	p11_unlock ();
+
+	rv = p11_kit_module_initialize (module);
+	assert (rv == CKR_OK);
+
+	if (session) {
+		rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
+		                              CKF_RW_SESSION | CKF_SERIAL_SESSION,
+		                              NULL, NULL, session);
+		assert (rv == CKR_OK);
+	}
+
+	return module;
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST_PTR module)
+{
+	CK_RV rv;
+
+	rv = p11_kit_module_finalize (module);
+	assert (rv == CKR_OK);
+
+	p11_lock ();
+
+	rv = p11_module_release_inlock_reentrant (module);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+}
+
+/* Bring in all the mock module tests */
+#include "test-mock.c"
+
+int
+main (int argc,
+      char *argv[])
+{
+	p11_library_init ();
+	mock_module_init ();
+
+	test_mock_add_tests ("/log");
+
+	p11_kit_be_quiet ();
+	p11_log_output = false;
+
+	return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/tests/test-managed.c b/p11-kit/tests/test-managed.c
new file mode 100644
index 0000000..9fc9ffb
--- /dev/null
+++ b/p11-kit/tests/test-managed.c
@@ -0,0 +1,215 @@
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#include "config.h"
+#include "test.h"
+
+#include "dict.h"
+#include "library.h"
+#include "mock.h"
+#include "modules.h"
+#include "p11-kit.h"
+#include "virtual.h"
+
+#include 
+#include 
+#include 
+#include 
+
+static CK_FUNCTION_LIST_PTR
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_RV rv;
+
+	p11_lock ();
+
+	rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
+	assert (rv == CKR_OK);
+	assert_ptr_not_null (module);
+	assert (p11_virtual_is_wrapper (module));
+
+	p11_unlock ();
+
+	rv = p11_kit_module_initialize (module);
+	assert (rv == CKR_OK);
+
+	if (session) {
+		rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID,
+		                              CKF_RW_SESSION | CKF_SERIAL_SESSION,
+		                              NULL, NULL, session);
+		assert (rv == CKR_OK);
+	}
+
+	return module;
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST_PTR module)
+{
+	CK_RV rv;
+
+	rv = p11_kit_module_finalize (module);
+	assert (rv == CKR_OK);
+
+	p11_lock ();
+
+	rv = p11_module_release_inlock_reentrant (module);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+}
+
+static CK_RV
+fail_C_Initialize (void *init_reserved)
+{
+	return CKR_FUNCTION_FAILED;
+}
+
+static void
+test_initialize_finalize (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_RV rv;
+
+	p11_lock ();
+
+	rv = p11_module_load_inlock_reentrant (&mock_module, 0, &module);
+	assert (rv == CKR_OK);
+	assert_ptr_not_null (module);
+	assert (p11_virtual_is_wrapper (module));
+
+	p11_unlock ();
+
+	rv = module->C_Initialize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = module->C_Initialize (NULL);
+	assert (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
+
+	rv = module->C_Finalize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = module->C_Finalize (NULL);
+	assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
+
+	p11_lock ();
+
+	rv = p11_module_release_inlock_reentrant (module);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+}
+
+static void
+test_initialize_fail (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_FUNCTION_LIST base;
+	CK_RV rv;
+
+	memcpy (&base, &mock_module, sizeof (CK_FUNCTION_LIST));
+	base.C_Initialize = fail_C_Initialize;
+
+	p11_lock ();
+
+	rv = p11_module_load_inlock_reentrant (&base, 0, &module);
+	assert (rv == CKR_OK);
+
+	p11_unlock ();
+
+	rv = p11_kit_module_initialize (module);
+	assert (rv == CKR_FUNCTION_FAILED);
+}
+
+static void
+test_separate_close_all_sessions (void)
+{
+	CK_FUNCTION_LIST *first;
+	CK_FUNCTION_LIST *second;
+	CK_SESSION_HANDLE s1;
+	CK_SESSION_HANDLE s2;
+	CK_SESSION_INFO info;
+	CK_RV rv;
+
+	first = setup_mock_module (&s1);
+	second = setup_mock_module (&s2);
+
+	rv = first->C_GetSessionInfo (s1, &info);
+	assert (rv == CKR_OK);
+
+	rv = second->C_GetSessionInfo (s2, &info);
+	assert (rv == CKR_OK);
+
+	first->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
+	assert (rv == CKR_OK);
+
+	rv = first->C_GetSessionInfo (s1, &info);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = second->C_GetSessionInfo (s2, &info);
+	assert (rv == CKR_OK);
+
+	second->C_CloseAllSessions (MOCK_SLOT_ONE_ID);
+	assert (rv == CKR_OK);
+
+	rv = first->C_GetSessionInfo (s1, &info);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = second->C_GetSessionInfo (s2, &info);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	teardown_mock_module (first);
+	teardown_mock_module (second);
+}
+
+/* Bring in all the mock module tests */
+#include "test-mock.c"
+
+int
+main (int argc,
+      char *argv[])
+{
+	mock_module_init ();
+	p11_library_init ();
+
+	p11_test (test_initialize_finalize, "/managed/test_initialize_finalize");
+	p11_test (test_initialize_fail, "/managed/test_initialize_fail");
+	p11_test (test_separate_close_all_sessions, "/managed/test_separate_close_all_sessions");
+	test_mock_add_tests ("/managed");
+
+	p11_kit_be_quiet ();
+
+	return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/tests/test-mock.c b/p11-kit/tests/test-mock.c
new file mode 100644
index 0000000..5fba7ec
--- /dev/null
+++ b/p11-kit/tests/test-mock.c
@@ -0,0 +1,1679 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ * Copyright (c) 2012-2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#include "test.h"
+
+#include "library.h"
+#include "mock.h"
+#include "p11-kit.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static void
+test_get_info (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_INFO info;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_GetInfo) (&info);
+	assert (rv == CKR_OK);
+	assert (memcmp (&info, &MOCK_INFO, sizeof (CK_INFO)) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_slot_list (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SLOT_ID slot_list[8];
+	CK_ULONG count = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	/* Normal module has 2 slots, one with token present */
+	rv = (module->C_GetSlotList) (CK_TRUE, NULL, &count);
+	assert (rv == CKR_OK);
+	assert_num_eq (MOCK_SLOTS_PRESENT, count);
+	rv = (module->C_GetSlotList) (CK_FALSE, NULL, &count);
+	assert (rv == CKR_OK);
+	assert_num_eq (MOCK_SLOTS_ALL, count);
+
+	count = 8;
+	rv = (module->C_GetSlotList) (CK_TRUE, slot_list, &count);
+	assert (rv == CKR_OK);
+	assert_num_eq (MOCK_SLOTS_PRESENT, count);
+	assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]);
+
+	count = 8;
+	rv = (module->C_GetSlotList) (CK_FALSE, slot_list, &count);
+	assert (rv == CKR_OK);
+	assert_num_eq (MOCK_SLOTS_ALL, count);
+	assert_num_eq (MOCK_SLOT_ONE_ID, slot_list[0]);
+	assert_num_eq (MOCK_SLOT_TWO_ID, slot_list[1]);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_slot_info (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SLOT_INFO info;
+	char *string;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_GetSlotInfo) (MOCK_SLOT_ONE_ID, &info);
+	assert (rv == CKR_OK);
+	string = p11_kit_space_strdup (info.slotDescription, sizeof (info.slotDescription));
+	assert_str_eq ("TEST SLOT", string);
+	free (string);
+	string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
+	assert_str_eq ("TEST MANUFACTURER", string);
+	free (string);
+	assert_num_eq (CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE, info.flags);
+	assert_num_eq (55, info.hardwareVersion.major);
+	assert_num_eq (155, info.hardwareVersion.minor);
+	assert_num_eq (65, info.firmwareVersion.major);
+	assert_num_eq (165, info.firmwareVersion.minor);
+
+	rv = (module->C_GetSlotInfo) (MOCK_SLOT_TWO_ID, &info);
+	assert (rv == CKR_OK);
+	assert_num_eq (CKF_REMOVABLE_DEVICE, info.flags);
+
+	rv = (module->C_GetSlotInfo) (0, &info);
+	assert (rv == CKR_SLOT_ID_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_token_info (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_TOKEN_INFO info;
+	char *string;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_GetTokenInfo) (MOCK_SLOT_ONE_ID, &info);
+	assert (rv == CKR_OK);
+
+	string = p11_kit_space_strdup (info.label, sizeof (info.label));
+	assert_str_eq ("TEST LABEL", string);
+	free (string);
+	string = p11_kit_space_strdup (info.manufacturerID, sizeof (info.manufacturerID));
+	assert_str_eq ("TEST MANUFACTURER", string);
+	free (string);
+	string = p11_kit_space_strdup (info.model, sizeof (info.model));
+	assert_str_eq ("TEST MODEL", string);
+	free (string);
+	string = p11_kit_space_strdup (info.serialNumber, sizeof (info.serialNumber));
+	assert_str_eq ("TEST SERIAL", string);
+	free (string);
+	assert_num_eq (CKF_LOGIN_REQUIRED | CKF_USER_PIN_INITIALIZED | CKF_CLOCK_ON_TOKEN | CKF_TOKEN_INITIALIZED, info.flags);
+	assert_num_eq (1, info.ulMaxSessionCount);
+	assert_num_eq (2, info.ulSessionCount);
+	assert_num_eq (3, info.ulMaxRwSessionCount);
+	assert_num_eq (4, info.ulRwSessionCount);
+	assert_num_eq (5, info.ulMaxPinLen);
+	assert_num_eq (6, info.ulMinPinLen);
+	assert_num_eq (7, info.ulTotalPublicMemory);
+	assert_num_eq (8, info.ulFreePublicMemory);
+	assert_num_eq (9, info.ulTotalPrivateMemory);
+	assert_num_eq (10, info.ulFreePrivateMemory);
+	assert_num_eq (75, info.hardwareVersion.major);
+	assert_num_eq (175, info.hardwareVersion.minor);
+	assert_num_eq (85, info.firmwareVersion.major);
+	assert_num_eq (185, info.firmwareVersion.minor);
+	assert (memcmp (info.utcTime, "1999052509195900", sizeof (info.utcTime)) == 0);
+
+	rv = (module->C_GetTokenInfo) (MOCK_SLOT_TWO_ID, &info);
+	assert (rv == CKR_TOKEN_NOT_PRESENT);
+
+	rv = (module->C_GetTokenInfo) (0, &info);
+	assert (rv == CKR_SLOT_ID_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_mechanism_list (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_MECHANISM_TYPE mechs[8];
+	CK_ULONG count = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, NULL, &count);
+	assert (rv == CKR_OK);
+	assert_num_eq (2, count);
+	rv = (module->C_GetMechanismList) (MOCK_SLOT_TWO_ID, NULL, &count);
+	assert (rv == CKR_TOKEN_NOT_PRESENT);
+	rv = (module->C_GetMechanismList) (0, NULL, &count);
+	assert (rv == CKR_SLOT_ID_INVALID);
+
+	count = 8;
+	rv = (module->C_GetMechanismList) (MOCK_SLOT_ONE_ID, mechs, &count);
+	assert (rv == CKR_OK);
+	assert_num_eq (2, count);
+	assert_num_eq (mechs[0], CKM_MOCK_CAPITALIZE);
+	assert_num_eq (mechs[1], CKM_MOCK_PREFIX);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_mechanism_info (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_MECHANISM_INFO info;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_CAPITALIZE, &info);
+	assert (rv == CKR_OK);
+	assert_num_eq (512, info.ulMinKeySize);
+	assert_num_eq (4096, info.ulMaxKeySize);
+	assert_num_eq (CKF_ENCRYPT | CKF_DECRYPT, info.flags);
+
+	rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, CKM_MOCK_PREFIX, &info);
+	assert (rv == CKR_OK);
+	assert_num_eq (2048, info.ulMinKeySize);
+	assert_num_eq (2048, info.ulMaxKeySize);
+	assert_num_eq (CKF_SIGN | CKF_VERIFY, info.flags);
+
+	rv = (module->C_GetMechanismInfo) (MOCK_SLOT_TWO_ID, CKM_MOCK_PREFIX, &info);
+	assert (rv == CKR_TOKEN_NOT_PRESENT);
+	rv = (module->C_GetMechanismInfo) (MOCK_SLOT_ONE_ID, 0, &info);
+	assert (rv == CKR_MECHANISM_INVALID);
+	rv = (module->C_GetMechanismInfo) (0, CKM_MOCK_PREFIX, &info);
+	assert (rv == CKR_SLOT_ID_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_init_token (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
+	assert (rv == CKR_OK);
+
+	rv = (module->C_InitToken) (MOCK_SLOT_ONE_ID, (CK_UTF8CHAR_PTR)"OTHER", 5, (CK_UTF8CHAR_PTR)"TEST LABEL");
+	assert (rv == CKR_PIN_INVALID);
+	rv = (module->C_InitToken) (MOCK_SLOT_TWO_ID, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
+	assert (rv == CKR_TOKEN_NOT_PRESENT);
+	rv = (module->C_InitToken) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8, (CK_UTF8CHAR_PTR)"TEST LABEL");
+	assert (rv == CKR_SLOT_ID_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_wait_for_slot_event (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SLOT_ID slot;
+	CK_RV rv;
+
+#ifdef MOCK_SKIP_WAIT_TEST
+	return;
+#endif
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_WaitForSlotEvent) (0, &slot, NULL);
+	assert (rv == CKR_OK);
+	assert_num_eq (slot, MOCK_SLOT_TWO_ID);
+
+	rv = (module->C_WaitForSlotEvent) (CKF_DONT_BLOCK, &slot, NULL);
+	assert (rv == CKR_NO_EVENT);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_open_close_session (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_OpenSession) (MOCK_SLOT_TWO_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
+	assert (rv == CKR_TOKEN_NOT_PRESENT);
+	rv = (module->C_OpenSession) (0, CKF_SERIAL_SESSION, NULL, NULL, &session);
+	assert (rv == CKR_SLOT_ID_INVALID);
+
+	rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
+	assert (rv == CKR_OK);
+	assert (session != 0);
+
+	rv = (module->C_CloseSession) (session);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_CloseSession) (session);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_close_all_sessions (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
+	assert (rv == CKR_OK);
+	assert (session != 0);
+
+	rv = (module->C_CloseAllSessions) (MOCK_SLOT_ONE_ID);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_CloseSession) (session);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_function_status (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_GetFunctionStatus) (session);
+	assert (rv == CKR_FUNCTION_NOT_PARALLEL);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_cancel_function (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_CancelFunction) (session);
+	assert (rv == CKR_FUNCTION_NOT_PARALLEL);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_session_info (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_SESSION_INFO info;
+	CK_RV rv;
+
+	module = setup_mock_module (NULL);
+
+	rv = (module->C_GetSessionInfo) (0, &info);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_SERIAL_SESSION, NULL, NULL, &session);
+	assert (rv == CKR_OK);
+	assert (session != 0);
+
+	rv = (module->C_GetSessionInfo) (session, &info);
+	assert (rv == CKR_OK);
+	assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID);
+	assert_num_eq (CKS_RO_PUBLIC_SESSION, info.state);
+	assert_num_eq (CKF_SERIAL_SESSION, info.flags);
+	assert_num_eq (1414, info.ulDeviceError);
+
+	rv = (module->C_OpenSession) (MOCK_SLOT_ONE_ID, CKF_RW_SESSION | CKF_SERIAL_SESSION, NULL, NULL, &session);
+	assert (rv == CKR_OK);
+	assert (session != 0);
+
+	rv = (module->C_GetSessionInfo) (session, &info);
+	assert (rv == CKR_OK);
+	assert_num_eq (MOCK_SLOT_ONE_ID, info.slotID);
+	assert_num_eq (CKS_RW_PUBLIC_SESSION, info.state);
+	assert_num_eq (CKF_SERIAL_SESSION | CKF_RW_SESSION, info.flags);
+	assert_num_eq (1414, info.ulDeviceError);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_init_pin (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_InitPIN) (0, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_InitPIN) (session, (CK_UTF8CHAR_PTR)"OTHER", 5);
+	assert (rv == CKR_PIN_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_set_pin (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_SetPIN) (0, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"booo", 4, (CK_UTF8CHAR_PTR)"TEST PIN", 8);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SetPIN) (session, (CK_UTF8CHAR_PTR)"other", 5, (CK_UTF8CHAR_PTR)"OTHER", 5);
+	assert (rv == CKR_PIN_INCORRECT);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_operation_state (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_BYTE state[128];
+	CK_ULONG state_len;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	state_len = sizeof (state);
+	rv = (module->C_GetOperationState) (0, state, &state_len);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	state_len = sizeof (state);
+	rv = (module->C_GetOperationState) (session, state, &state_len);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SetOperationState) (session, state, state_len, 355, 455);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SetOperationState) (0, state, state_len, 355, 455);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_login_logout (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (0, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"bo", 2);
+	assert (rv == CKR_PIN_INCORRECT);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_UTF8CHAR_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_Logout) (session);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_Logout) (session);
+	assert (rv == CKR_USER_NOT_LOGGED_IN);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_attribute_value (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	CK_OBJECT_CLASS klass;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	attrs[0].type = CKA_CLASS;
+	attrs[0].pValue = &klass;
+	attrs[0].ulValueLen = sizeof (klass);
+	attrs[1].type = CKA_LABEL;
+	attrs[1].pValue = label;
+	attrs[1].ulValueLen = 2; /* too small */
+	attrs[2].type = CKA_BITS_PER_PIXEL;
+	attrs[2].pValue = NULL;
+	attrs[2].ulValueLen = 0;
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 3);
+	assert (rv == CKR_USER_NOT_LOGGED_IN);
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
+	assert (rv == CKR_BUFFER_TOO_SMALL);
+
+	/* Get right size */
+	attrs[1].pValue = NULL;
+	attrs[1].ulValueLen = 0;
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3);
+	assert (rv == CKR_ATTRIBUTE_TYPE_INVALID);
+
+	assert_num_eq (CKO_PUBLIC_KEY, klass);
+	assert_num_eq (21, attrs[1].ulValueLen);
+	assert_ptr_eq (NULL, attrs[1].pValue);
+	attrs[1].pValue = label;
+	attrs[1].ulValueLen = sizeof (label);
+	assert ((CK_ULONG)-1 == attrs[2].ulValueLen);
+	assert_ptr_eq (NULL, attrs[2].pValue);
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 3);
+	assert (rv == CKR_ATTRIBUTE_TYPE_INVALID);
+
+	assert_num_eq (CKO_PUBLIC_KEY, klass);
+	assert_num_eq (21, attrs[1].ulValueLen);
+	assert_ptr_eq (label, attrs[1].pValue);
+	assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0);
+	assert ((CK_ULONG)-1 == attrs[2].ulValueLen);
+	assert_ptr_eq (NULL, attrs[2].pValue);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_set_attribute_value (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	CK_ULONG bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	strcpy (label, "Blahooo");
+	bits = 1555;
+
+	attrs[0].type = CKA_LABEL;
+	attrs[0].pValue = label;
+	attrs[0].ulValueLen = strlen (label);
+	attrs[1].type = CKA_BITS_PER_PIXEL;
+	attrs[1].pValue = &bits;
+	attrs[1].ulValueLen = sizeof (bits);
+
+	rv = (module->C_SetAttributeValue) (session, MOCK_PRIVATE_KEY_CAPITALIZE, attrs, 2);
+	assert (rv == CKR_USER_NOT_LOGGED_IN);
+
+	rv = (module->C_SetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
+	assert (rv == CKR_OK);
+
+	memset (label, 0, sizeof (label));
+	bits = 0;
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 2);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (bits, 1555);
+	assert_num_eq (7, attrs[0].ulValueLen);
+	assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_create_object (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_HANDLE object;
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	CK_ULONG bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	strcpy (label, "Blahooo");
+	bits = 1555;
+
+	attrs[0].type = CKA_LABEL;
+	attrs[0].pValue = label;
+	attrs[0].ulValueLen = strlen (label);
+	attrs[1].type = CKA_BITS_PER_PIXEL;
+	attrs[1].pValue = &bits;
+	attrs[1].ulValueLen = sizeof (bits);
+
+	rv = (module->C_CreateObject) (0, attrs, 2, &object);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_CreateObject) (session, attrs, 2, &object);
+	assert (rv == CKR_OK);
+
+	attrs[0].ulValueLen = sizeof (label);
+	memset (label, 0, sizeof (label));
+	bits = 0;
+
+	rv = (module->C_GetAttributeValue) (session, object, attrs, 2);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (bits, 1555);
+	assert_num_eq (7, attrs[0].ulValueLen);
+	assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_copy_object (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_HANDLE object;
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	CK_ULONG bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	bits = 1555;
+
+	attrs[0].type = CKA_BITS_PER_PIXEL;
+	attrs[0].pValue = &bits;
+	attrs[0].ulValueLen = sizeof (bits);
+
+	rv = (module->C_CopyObject) (session, 1333, attrs, 1, &object);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
+
+	rv = (module->C_CopyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1, &object);
+	assert (rv == CKR_OK);
+
+	attrs[1].type = CKA_LABEL;
+	attrs[1].pValue = label;
+	attrs[1].ulValueLen = sizeof (label);
+	bits = 0;
+
+	rv = (module->C_GetAttributeValue) (session, object, attrs, 2);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (bits, 1555);
+	assert_num_eq (21, attrs[1].ulValueLen);
+	assert (memcmp (label, "Public Capitalize Key", attrs[1].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_destroy_object (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	attrs[0].type = CKA_LABEL;
+	attrs[0].pValue = label;
+	attrs[0].ulValueLen = sizeof (label);
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DestroyObject) (0, MOCK_PUBLIC_KEY_CAPITALIZE);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_DestroyObject) (session, MOCK_PUBLIC_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_GetAttributeValue) (session, MOCK_PUBLIC_KEY_CAPITALIZE, attrs, 1);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_get_object_size (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_ULONG size;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_GetObjectSize) (session, 1333, &size);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
+
+	rv = (module->C_GetObjectSize) (session, MOCK_PUBLIC_KEY_CAPITALIZE, &size);
+	assert (rv == CKR_OK);
+
+	/* The number here is the length of all attributes added up */
+	assert_num_eq (sizeof (CK_ULONG) == 8 ? 44 : 36, size);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_find_objects (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_CLASS klass = CKO_PUBLIC_KEY;
+	CK_ATTRIBUTE attr = { CKA_CLASS, &klass, sizeof (klass) };
+	CK_OBJECT_HANDLE objects[16];
+	CK_ULONG count;
+	CK_ULONG i;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_FindObjectsInit) (0, &attr, 1);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_FindObjectsInit) (session, &attr, 1);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_FindObjects) (0, objects, 16, &count);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_FindObjects) (session, objects, 16, &count);
+	assert (rv == CKR_OK);
+
+	assert (count < 16);
+
+	/* Make sure we get the capitalize public key */
+	for (i = 0; i < count; i++) {
+		if (objects[i] == MOCK_PUBLIC_KEY_CAPITALIZE)
+			break;
+	}
+	assert (i != count);
+
+	/* Make sure we get the prefix public key */
+	for (i = 0; i < count; i++) {
+		if (objects[i] == MOCK_PUBLIC_KEY_PREFIX)
+			break;
+	}
+	assert (i != count);
+
+	/* Make sure all public keys */
+	for (i = 0; i < count; i++) {
+		klass = (CK_ULONG)-1;
+		rv = (module->C_GetAttributeValue) (session, objects[i], &attr, 1);
+		assert (rv == CKR_OK);
+		assert_num_eq (CKO_PUBLIC_KEY, klass);
+	}
+
+	rv = (module->C_FindObjectsFinal) (session);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_FindObjectsFinal) (session);
+	assert (rv == CKR_OPERATION_NOT_INITIALIZED);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_encrypt (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_KEY_HANDLE_INVALID);
+
+	rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_Encrypt) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_Encrypt) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "BLAH", 4) == 0);
+
+	rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_EncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_EncryptUpdate) (session, (CK_BYTE_PTR)"sLurm", 5, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (5, length);
+	assert (memcmp (data, "SLURM", 5) == 0);
+
+	length = sizeof (data);
+	rv = (module->C_EncryptFinal) (0, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_EncryptFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_decrypt (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_KEY_HANDLE_INVALID);
+
+	rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_Decrypt) (0, (CK_BYTE_PTR)"bLAH", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_Decrypt) (session, (CK_BYTE_PTR)"BLAh", 4, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "blah", 4) == 0);
+
+	rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (5, length);
+	assert (memcmp (data, "slurm", 5) == 0);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptFinal) (0, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_digest (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_COUNT, NULL, 0 };
+	CK_BYTE digest[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_DigestInit) (0, &mech);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_DigestInit) (session, &mech);
+	assert (rv == CKR_OK);
+
+	length = sizeof (digest);
+	rv = (module->C_Digest) (0, (CK_BYTE_PTR)"bLAH", 4, digest, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (digest);
+	rv = (module->C_Digest) (session, (CK_BYTE_PTR)"BLAh", 4, digest, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (1, length);
+	assert (memcmp (digest, "4", 1) == 0);
+
+	rv = (module->C_DigestInit) (session, &mech);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DigestUpdate) (0, (CK_BYTE_PTR)"blah", 4);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
+	assert (rv == CKR_OK);
+
+	/* Adds the the value of object handle to hash: 6 */
+	assert_num_eq (6, MOCK_PUBLIC_KEY_PREFIX);
+	rv = (module->C_DigestKey) (session, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DigestUpdate) (session, (CK_BYTE_PTR)"Other", 5);
+	assert (rv == CKR_OK);
+
+	length = sizeof (digest);
+	rv = (module->C_DigestFinal) (0, digest, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (digest);
+	rv = (module->C_DigestFinal) (session, digest, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (2, length);
+	assert (memcmp (digest, "16", 2) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_sign (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+	CK_BYTE signature[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SignInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	length = sizeof (signature);
+	rv = (module->C_Sign) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (signature);
+	rv = (module->C_Sign) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (13, length);
+	assert (memcmp (signature, "prefix:value4", 13) == 0);
+
+	rv = (module->C_SignInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SignUpdate) (0, (CK_BYTE_PTR)"blah", 4);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SignUpdate) (session, (CK_BYTE_PTR)"Other", 5);
+	assert (rv == CKR_OK);
+
+	length = sizeof (signature);
+	rv = (module->C_SignFinal) (0, signature, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (signature);
+	rv = (module->C_SignFinal) (session, signature, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (14, length);
+	assert (memcmp (signature, "prefix:value10", 2) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_sign_recover (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+	CK_BYTE signature[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SignRecoverInit) (0, &mech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_SignRecoverInit) (session, &mech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	length = sizeof (signature);
+	rv = (module->C_SignRecover) (0, (CK_BYTE_PTR)"bLAH", 4, signature, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (signature);
+	rv = (module->C_SignRecover) (session, (CK_BYTE_PTR)"BLAh", 4, signature, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (16, length);
+	assert (memcmp (signature, "prefix:valueBLAh", 16) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_verify (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+	CK_BYTE signature[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_VerifyInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	length = 13;
+	memcpy (signature, "prefix:value4", length);
+	rv = (module->C_Verify) (0, (CK_BYTE_PTR)"bLAH", 4, signature, 5);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_Verify) (session, (CK_BYTE_PTR)"BLAh", 4, signature, length);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_VerifyInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_VerifyUpdate) (0, (CK_BYTE_PTR)"blah", 4);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"sLuRM", 5);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_VerifyUpdate) (session, (CK_BYTE_PTR)"Other", 5);
+	assert (rv == CKR_OK);
+
+	length = 14;
+	memcpy (signature, "prefix:value10", length);
+
+	rv = (module->C_VerifyFinal) (session, signature, 5);
+	assert (rv == CKR_SIGNATURE_LEN_RANGE);
+
+	rv = (module->C_VerifyFinal) (session, signature, length);
+	assert (rv == CKR_OK);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_verify_recover (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_PREFIX, "prefix:", 7 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_VerifyRecoverInit) (0, &mech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_VerifyRecoverInit) (session, &mech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_VerifyRecover) (0, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_VerifyRecover) (session, (CK_BYTE_PTR)"prefix:valueBLah", 16, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "BLah", 4) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_digest_encrypt (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+	CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DigestInit) (session, &dmech);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_DigestEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_DigestEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "BLAH", 4) == 0);
+
+	length = sizeof (data);
+	rv = (module->C_EncryptFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_DigestFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (1, length);
+	assert (memcmp (data, "4", 1) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_decrypt_digest (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+	CK_MECHANISM dmech = { CKM_MOCK_COUNT, NULL, 0 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DigestInit) (session, &dmech);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptDigestUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptDigestUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "blah", 4) == 0);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_DigestFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (1, length);
+	assert (memcmp (data, "4", 1) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_sign_encrypt (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+	CK_MECHANISM smech = { CKM_MOCK_PREFIX, "p:", 2 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_EncryptInit) (session, &mech, MOCK_PUBLIC_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_SignInit) (session, &smech, MOCK_PRIVATE_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_Login) (session, CKU_CONTEXT_SPECIFIC, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_SignEncryptUpdate) (0, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_SignEncryptUpdate) (session, (CK_BYTE_PTR)"blah", 4, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "BLAH", 4) == 0);
+
+	length = sizeof (data);
+	rv = (module->C_EncryptFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_SignFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (8, length);
+	assert (memcmp (data, "p:value4", 1) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_decrypt_verify (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_CAPITALIZE, NULL, 0 };
+	CK_MECHANISM vmech = { CKM_MOCK_PREFIX, "p:", 2 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_Login) (session, CKU_USER, (CK_BYTE_PTR)"booo", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_DecryptInit) (session, &mech, MOCK_PRIVATE_KEY_CAPITALIZE);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_VerifyInit) (session, &vmech, MOCK_PUBLIC_KEY_PREFIX);
+	assert (rv == CKR_OK);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptVerifyUpdate) (0, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptVerifyUpdate) (session, (CK_BYTE_PTR)"BLAH", 4, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (4, length);
+	assert (memcmp (data, "blah", 4) == 0);
+
+	length = sizeof (data);
+	rv = (module->C_DecryptFinal) (session, data, &length);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_VerifyFinal) (session, (CK_BYTE_PTR)"p:value4", 8);
+	assert (rv == CKR_OK);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_generate_key (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_HANDLE object;
+	CK_MECHANISM mech = { CKM_MOCK_GENERATE, NULL, 0 };
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	char value[64];
+	CK_ULONG bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	strcpy (label, "Blahooo");
+	bits = 1555;
+
+	attrs[0].type = CKA_LABEL;
+	attrs[0].pValue = label;
+	attrs[0].ulValueLen = strlen (label);
+	attrs[1].type = CKA_BITS_PER_PIXEL;
+	attrs[1].pValue = &bits;
+	attrs[1].ulValueLen = sizeof (bits);
+
+	rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
+	assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+	mech.pParameter = "generate";
+	mech.ulParameterLen = 9;
+
+	rv = (module->C_GenerateKey) (session, &mech, attrs, 2, &object);
+	assert (rv == CKR_OK);
+
+	attrs[0].ulValueLen = sizeof (label);
+	memset (label, 0, sizeof (label));
+	bits = 0;
+	attrs[2].type = CKA_VALUE;
+	attrs[2].pValue = value;
+	attrs[2].ulValueLen = sizeof (value);
+
+	rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (bits, 1555);
+	assert_num_eq (7, attrs[0].ulValueLen);
+	assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+	assert_num_eq (9, attrs[2].ulValueLen);
+	assert (memcmp (value, "generated", attrs[2].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_generate_key_pair (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_HANDLE pub_object;
+	CK_OBJECT_HANDLE priv_object;
+	CK_MECHANISM mech = { CKM_MOCK_GENERATE, "generated", 9 };
+	CK_ATTRIBUTE pub_attrs[8];
+	CK_ATTRIBUTE priv_attrs[8];
+	char pub_label[32];
+	char pub_value[64];
+	char priv_label[32];
+	char priv_value[64];
+	CK_ULONG pub_bits;
+	CK_ULONG priv_bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	strcpy (pub_label, "Blahooo");
+	pub_bits = 1555;
+	pub_attrs[0].type = CKA_LABEL;
+	pub_attrs[0].pValue = pub_label;
+	pub_attrs[0].ulValueLen = strlen (pub_label);
+	pub_attrs[1].type = CKA_BITS_PER_PIXEL;
+	pub_attrs[1].pValue = &pub_bits;
+	pub_attrs[1].ulValueLen = sizeof (pub_bits);
+
+	strcpy (priv_label, "Private");
+	priv_bits = 1666;
+	priv_attrs[0].type = CKA_LABEL;
+	priv_attrs[0].pValue = priv_label;
+	priv_attrs[0].ulValueLen = strlen (priv_label);
+	priv_attrs[1].type = CKA_BITS_PER_PIXEL;
+	priv_attrs[1].pValue = &priv_bits;
+	priv_attrs[1].ulValueLen = sizeof (priv_bits);
+
+	rv = (module->C_GenerateKeyPair) (0, &mech, pub_attrs, 2, priv_attrs, 2,
+	                                  &pub_object, &priv_object);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	mech.pParameter = "generate";
+	mech.ulParameterLen = 9;
+
+	rv = (module->C_GenerateKeyPair) (session, &mech, pub_attrs, 2, priv_attrs, 2,
+	                                  &pub_object, &priv_object);
+	assert (rv == CKR_OK);
+
+	pub_bits = 0;
+	pub_attrs[0].ulValueLen = sizeof (pub_label);
+	memset (pub_label, 0, sizeof (pub_label));
+	pub_attrs[2].type = CKA_VALUE;
+	pub_attrs[2].pValue = pub_value;
+	pub_attrs[2].ulValueLen = sizeof (pub_value);
+
+	rv = (module->C_GetAttributeValue) (session, pub_object, pub_attrs, 3);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (1555, pub_bits);
+	assert_num_eq (7, pub_attrs[0].ulValueLen);
+	assert (memcmp (pub_label, "Blahooo", pub_attrs[0].ulValueLen) == 0);
+	assert_num_eq (9, pub_attrs[2].ulValueLen);
+	assert (memcmp (pub_value, "generated", pub_attrs[2].ulValueLen) == 0);
+
+	priv_bits = 0;
+	priv_attrs[0].ulValueLen = sizeof (priv_label);
+	memset (priv_label, 0, sizeof (priv_label));
+	priv_attrs[2].type = CKA_VALUE;
+	priv_attrs[2].pValue = priv_value;
+	priv_attrs[2].ulValueLen = sizeof (priv_value);
+
+	rv = (module->C_GetAttributeValue) (session, priv_object, priv_attrs, 3);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (1666, priv_bits);
+	assert_num_eq (7, priv_attrs[0].ulValueLen);
+	assert (memcmp (priv_label, "Private", priv_attrs[0].ulValueLen) == 0);
+	assert_num_eq (9, priv_attrs[2].ulValueLen);
+	assert (memcmp (priv_value, "generated", priv_attrs[2].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_wrap_key (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
+	CK_BYTE data[128];
+	CK_ULONG length;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	length = sizeof (data);
+	rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
+	assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+	mech.pParameter = "wrap";
+	mech.ulParameterLen = 4;
+
+	rv = (module->C_WrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX, MOCK_PUBLIC_KEY_PREFIX, data, &length);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (5, length);
+	assert (memcmp (data, "value", 5) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_unwrap_key (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_HANDLE object;
+	CK_MECHANISM mech = { CKM_MOCK_WRAP, NULL, 0 };
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	char value[64];
+	CK_ULONG bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	strcpy (label, "Blahooo");
+	bits = 1555;
+
+	attrs[0].type = CKA_LABEL;
+	attrs[0].pValue = label;
+	attrs[0].ulValueLen = strlen (label);
+	attrs[1].type = CKA_BITS_PER_PIXEL;
+	attrs[1].pValue = &bits;
+	attrs[1].ulValueLen = sizeof (bits);
+
+	rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+	                            (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
+	assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+	mech.pParameter = "wrap";
+	mech.ulParameterLen = 4;
+
+	rv = (module->C_UnwrapKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+	                            (CK_BYTE_PTR)"wheee", 5, attrs, 2, &object);
+	assert (rv == CKR_OK);
+
+	attrs[0].ulValueLen = sizeof (label);
+	memset (label, 0, sizeof (label));
+	bits = 0;
+	attrs[2].type = CKA_VALUE;
+	attrs[2].pValue = value;
+	attrs[2].ulValueLen = sizeof (value);
+
+	rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (bits, 1555);
+	assert_num_eq (7, attrs[0].ulValueLen);
+	assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+	assert_num_eq (5, attrs[2].ulValueLen);
+	assert (memcmp (value, "wheee", attrs[2].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_derive_key (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_OBJECT_HANDLE object;
+	CK_MECHANISM mech = { CKM_MOCK_DERIVE, NULL, 0 };
+	CK_ATTRIBUTE attrs[8];
+	char label[32];
+	char value[64];
+	CK_ULONG bits;
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	strcpy (label, "Blahooo");
+	bits = 1555;
+
+	attrs[0].type = CKA_LABEL;
+	attrs[0].pValue = label;
+	attrs[0].ulValueLen = strlen (label);
+	attrs[1].type = CKA_BITS_PER_PIXEL;
+	attrs[1].pValue = &bits;
+	attrs[1].ulValueLen = sizeof (bits);
+
+	rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+	                                attrs, 2, &object);
+	assert (rv == CKR_MECHANISM_PARAM_INVALID);
+
+	mech.pParameter = "derive";
+	mech.ulParameterLen = 6;
+
+	rv = (module->C_DeriveKey) (session, &mech, MOCK_PUBLIC_KEY_PREFIX,
+	                            attrs, 2, &object);
+	assert (rv == CKR_OK);
+
+	attrs[0].ulValueLen = sizeof (label);
+	memset (label, 0, sizeof (label));
+	bits = 0;
+	attrs[2].type = CKA_VALUE;
+	attrs[2].pValue = value;
+	attrs[2].ulValueLen = sizeof (value);
+
+	rv = (module->C_GetAttributeValue) (session, object, attrs, 3);
+	assert (rv == CKR_OK);
+
+	assert_num_eq (bits, 1555);
+	assert_num_eq (7, attrs[0].ulValueLen);
+	assert (memcmp (label, "Blahooo", attrs[0].ulValueLen) == 0);
+	assert_num_eq (7, attrs[2].ulValueLen);
+	assert (memcmp (value, "derived", attrs[2].ulValueLen) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_random (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_SESSION_HANDLE session = 0;
+	CK_BYTE data[10];
+	CK_RV rv;
+
+	module = setup_mock_module (&session);
+
+	rv = (module->C_SeedRandom) (0, (CK_BYTE_PTR)"seed", 4);
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_SeedRandom) (session, (CK_BYTE_PTR)"seed", 4);
+	assert (rv == CKR_OK);
+
+	rv = (module->C_GenerateRandom) (0, data, sizeof (data));
+	assert (rv == CKR_SESSION_HANDLE_INVALID);
+
+	rv = (module->C_GenerateRandom) (session, data, sizeof (data));
+	assert (rv == CKR_OK);
+
+	assert (memcmp (data, "seedseedse", sizeof (data)) == 0);
+
+	teardown_mock_module (module);
+}
+
+static void
+test_mock_add_tests (const char *prefix)
+{
+	p11_test (test_get_info, "%s/test_get_info", prefix);
+	p11_test (test_get_slot_list, "%s/test_get_slot_list", prefix);
+	p11_test (test_get_slot_info, "%s/test_get_slot_info", prefix);
+	p11_test (test_get_token_info, "%s/test_get_token_info", prefix);
+	p11_test (test_get_mechanism_list, "%s/test_get_mechanism_list", prefix);
+	p11_test (test_get_mechanism_info, "%s/test_get_mechanism_info", prefix);
+	p11_test (test_init_token, "%s/test_init_token", prefix);
+	p11_test (test_wait_for_slot_event, "%s/test_wait_for_slot_event", prefix);
+	p11_test (test_open_close_session, "%s/test_open_close_session", prefix);
+	p11_test (test_close_all_sessions, "%s/test_close_all_sessions", prefix);
+	p11_test (test_get_function_status, "%s/test_get_function_status", prefix);
+	p11_test (test_cancel_function, "%s/test_cancel_function", prefix);
+	p11_test (test_get_session_info, "%s/test_get_session_info", prefix);
+	p11_test (test_init_pin, "%s/test_init_pin", prefix);
+	p11_test (test_set_pin, "%s/test_set_pin", prefix);
+	p11_test (test_operation_state, "%s/test_operation_state", prefix);
+	p11_test (test_login_logout, "%s/test_login_logout", prefix);
+	p11_test (test_get_attribute_value, "%s/test_get_attribute_value", prefix);
+	p11_test (test_set_attribute_value, "%s/test_set_attribute_value", prefix);
+	p11_test (test_create_object, "%s/test_create_object", prefix);
+	p11_test (test_copy_object, "%s/test_copy_object", prefix);
+	p11_test (test_destroy_object, "%s/test_destroy_object", prefix);
+	p11_test (test_get_object_size, "%s/test_get_object_size", prefix);
+	p11_test (test_find_objects, "%s/test_find_objects", prefix);
+	p11_test (test_encrypt, "%s/test_encrypt", prefix);
+	p11_test (test_decrypt, "%s/test_decrypt", prefix);
+	p11_test (test_digest, "%s/test_digest", prefix);
+	p11_test (test_sign, "%s/test_sign", prefix);
+	p11_test (test_sign_recover, "%s/test_sign_recover", prefix);
+	p11_test (test_verify, "%s/test_verify", prefix);
+	p11_test (test_verify_recover, "%s/test_verify_recover", prefix);
+	p11_test (test_digest_encrypt, "%s/test_digest_encrypt", prefix);
+	p11_test (test_decrypt_digest, "%s/test_decrypt_digest", prefix);
+	p11_test (test_sign_encrypt, "%s/test_sign_encrypt", prefix);
+	p11_test (test_decrypt_verify, "%s/test_decrypt_verify", prefix);
+	p11_test (test_generate_key, "%s/test_generate_key", prefix);
+	p11_test (test_generate_key_pair, "%s/test_generate_key_pair", prefix);
+	p11_test (test_wrap_key, "%s/test_wrap_key", prefix);
+	p11_test (test_unwrap_key, "%s/test_unwrap_key", prefix);
+	p11_test (test_derive_key, "%s/test_derive_key", prefix);
+	p11_test (test_random, "%s/test_random", prefix);
+}
diff --git a/p11-kit/tests/test-modules.c b/p11-kit/tests/test-modules.c
index 3a6e968..d50b2d5 100644
--- a/p11-kit/tests/test-modules.c
+++ b/p11-kit/tests/test-modules.c
@@ -33,7 +33,7 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include 
 #include 
@@ -47,32 +47,24 @@
 #include "dict.h"
 
 static CK_FUNCTION_LIST_PTR_PTR
-initialize_and_get_modules (CuTest *tc)
+initialize_and_get_modules (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
-	CK_RV rv;
 
-	rv = p11_kit_initialize_registered ();
-	CuAssertIntEquals (tc, CKR_OK, rv);
-	modules = p11_kit_registered_modules ();
-	CuAssertTrue (tc, modules != NULL && modules[0] != NULL);
+	modules = p11_kit_modules_load_and_initialize (0);
+	assert (modules != NULL && modules[0] != NULL);
 
 	return modules;
 }
 
 static void
-finalize_and_free_modules (CuTest *tc,
-                           CK_FUNCTION_LIST_PTR_PTR modules)
+finalize_and_free_modules (CK_FUNCTION_LIST_PTR_PTR modules)
 {
-	CK_RV rv;
-
-	free (modules);
-	rv = p11_kit_finalize_registered ();
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	p11_kit_modules_finalize_and_release (modules);
 }
 
 static void
-test_no_duplicates (CuTest *tc)
+test_no_duplicates (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
 	p11_dict *paths;
@@ -80,35 +72,34 @@ test_no_duplicates (CuTest *tc)
 	char *path;
 	int i;
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 	paths = p11_dict_new (p11_dict_str_hash, p11_dict_str_equal, NULL, NULL);
 	funcs = p11_dict_new (p11_dict_direct_hash, p11_dict_direct_equal, NULL, NULL);
 
 	/* The loaded modules should not contain duplicates */
 	for (i = 0; modules[i] != NULL; i++) {
-		path = p11_kit_registered_option (modules[i], "module");
+		path = p11_kit_config_option (modules[i], "module");
 
 		if (p11_dict_get (funcs, modules[i]))
-			CuAssert (tc, "found duplicate function list pointer", 0);
+			assert_fail ("found duplicate function list pointer", NULL);
 		if (p11_dict_get (paths, path))
-			CuAssert (tc, "found duplicate path name", 0);
+			assert_fail ("found duplicate path name", NULL);
 
 		if (!p11_dict_set (funcs, modules[i], ""))
-			CuAssert (tc, "shouldn't be reached", 0);
+			assert_not_reached ();
 		if (!p11_dict_set (paths, path, ""))
-			CuAssert (tc, "shouldn't be reached", 0);
+			assert_not_reached ();
 
 		free (path);
 	}
 
 	p11_dict_free (paths);
 	p11_dict_free (funcs);
-	finalize_and_free_modules (tc, modules);
+	finalize_and_free_modules (modules);
 }
 
 static CK_FUNCTION_LIST_PTR
-lookup_module_with_name (CuTest *tc,
-                         CK_FUNCTION_LIST_PTR_PTR modules,
+lookup_module_with_name (CK_FUNCTION_LIST_PTR_PTR modules,
                          const char *name)
 {
 	CK_FUNCTION_LIST_PTR match = NULL;
@@ -117,8 +108,8 @@ lookup_module_with_name (CuTest *tc,
 	int i;
 
 	for (i = 0; match == NULL && modules[i] != NULL; i++) {
-		module_name = p11_kit_registered_module_to_name (modules[i]);
-		CuAssertPtrNotNull (tc, module_name);
+		module_name = p11_kit_module_get_name (modules[i]);
+		assert_ptr_not_null (module_name);
 		if (strcmp (module_name, name) == 0)
 			match = modules[i];
 		free (module_name);
@@ -128,15 +119,15 @@ lookup_module_with_name (CuTest *tc,
 	 * As a side effect, we should check that the results of this function
 	 * matches the above search.
 	 */
-	module = p11_kit_registered_name_to_module (name);
-	CuAssert(tc, "different result from p11_kit_registered_name_to_module()",
-	         module == match);
+	module = p11_kit_module_for_name (modules, name);
+	if (module != match)
+		assert_fail ("different result from p11_kit_module_for_name ()", NULL);
 
 	return match;
 }
 
 static void
-test_disable (CuTest *tc)
+test_disable (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
 
@@ -145,9 +136,9 @@ test_disable (CuTest *tc)
 	 * that it has disabled.
 	 */
 
-	modules = initialize_and_get_modules (tc);
-	CuAssertTrue (tc, lookup_module_with_name (tc, modules, "four") != NULL);
-	finalize_and_free_modules (tc, modules);
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "four") != NULL);
+	finalize_and_free_modules (modules);
 
 	/*
 	 * The module two shouldn't have been loaded, because in its config
@@ -158,18 +149,17 @@ test_disable (CuTest *tc)
 
 	p11_kit_set_progname ("test-disable");
 
-	modules = initialize_and_get_modules (tc);
-	CuAssertTrue (tc, lookup_module_with_name (tc, modules, "four") == NULL);
-	finalize_and_free_modules (tc, modules);
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "four") == NULL);
+	finalize_and_free_modules (modules);
 
 	p11_kit_set_progname (NULL);
 }
 
 static void
-test_disable_later (CuTest *tc)
+test_disable_later (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
-	CK_RV rv;
 
 	/*
 	 * The module two shouldn't be matched, because in its config
@@ -178,22 +168,19 @@ test_disable_later (CuTest *tc)
 	 * disable-in: test-disable
 	 */
 
-	rv = p11_kit_initialize_registered ();
-	CuAssertIntEquals (tc, CKR_OK, rv);
-
 	p11_kit_set_progname ("test-disable");
 
-	modules = p11_kit_registered_modules ();
-	CuAssertTrue (tc, modules != NULL && modules[0] != NULL);
+	modules = p11_kit_modules_load_and_initialize (0);
+	assert (modules != NULL && modules[0] != NULL);
 
-	CuAssertTrue (tc, lookup_module_with_name (tc, modules, "two") == NULL);
-	finalize_and_free_modules (tc, modules);
+	assert (lookup_module_with_name (modules, "two") == NULL);
+	finalize_and_free_modules (modules);
 
 	p11_kit_set_progname (NULL);
 }
 
 static void
-test_enable (CuTest *tc)
+test_enable (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
 
@@ -202,9 +189,9 @@ test_enable (CuTest *tc)
 	 * program.
 	 */
 
-	modules = initialize_and_get_modules (tc);
-	CuAssertTrue (tc, lookup_module_with_name (tc, modules, "three") == NULL);
-	finalize_and_free_modules (tc, modules);
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "three") == NULL);
+	finalize_and_free_modules (modules);
 
 	/*
 	 * The module three should be loaded here , because in its config
@@ -215,15 +202,15 @@ test_enable (CuTest *tc)
 
 	p11_kit_set_progname ("test-enable");
 
-	modules = initialize_and_get_modules (tc);
-	CuAssertTrue (tc, lookup_module_with_name (tc, modules, "three") != NULL);
-	finalize_and_free_modules (tc, modules);
+	modules = initialize_and_get_modules ();
+	assert (lookup_module_with_name (modules, "three") != NULL);
+	finalize_and_free_modules (modules);
 
 	p11_kit_set_progname (NULL);
 }
 
 static void
-test_priority (CuTest *tc)
+test_priority (void)
 {
 	CK_FUNCTION_LIST_PTR_PTR modules;
 	char *name;
@@ -242,12 +229,12 @@ test_priority (CuTest *tc)
 	/* This enables module three */
 	p11_kit_set_progname ("test-enable");
 
-	modules = initialize_and_get_modules (tc);
+	modules = initialize_and_get_modules ();
 
 	/* The loaded modules should not contain duplicates */
 	for (i = 0; modules[i] != NULL; i++) {
-		name = p11_kit_registered_module_to_name (modules[i]);
-		CuAssertPtrNotNull (tc, name);
+		name = p11_kit_module_get_name (modules[i]);
+		assert_ptr_not_null (name);
 
 		/* Either one of these can be loaded, as this is a duplicate module */
 		if (strcmp (name, "two-duplicate") == 0) {
@@ -255,38 +242,124 @@ test_priority (CuTest *tc)
 			name = strdup ("two.badname");
 		}
 
-		CuAssertStrEquals (tc, expected[i], name);
+		assert_str_eq (expected[i], name);
 		free (name);
 	}
 
-	CuAssertIntEquals (tc, 4, i);
-	finalize_and_free_modules (tc, modules);
+	assert_num_eq (4, i);
+	finalize_and_free_modules (modules);
 }
 
-int
-main (void)
+static void
+test_module_name (void)
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
+	CK_FUNCTION_LIST_PTR_PTR modules;
+	CK_FUNCTION_LIST_PTR module;
+	char *name;
+
+	/*
+	 * The module three should not be present, as we don't match the current
+	 * program.
+	 */
+
+	modules = initialize_and_get_modules ();
+
+	module = p11_kit_module_for_name (modules, "one");
+	assert_ptr_not_null (module);
+	name = p11_kit_module_get_name (module);
+	assert_str_eq ("one", name);
+	free (name);
+
+	module = p11_kit_module_for_name (modules, "invalid");
+	assert_ptr_eq (NULL, module);
+
+	module = p11_kit_module_for_name (NULL, "one");
+	assert_ptr_eq (NULL, module);
+
+	finalize_and_free_modules (modules);
+}
+
+static void
+test_module_flags (void)
+{
+	CK_FUNCTION_LIST **modules;
+	CK_FUNCTION_LIST **unmanaged;
+	int flags;
+
+	/*
+	 * The module three should not be present, as we don't match the current
+	 * program.
+	 */
+
+	modules = initialize_and_get_modules ();
 
-	putenv ("P11_KIT_STRICT=1");
+	flags = p11_kit_module_get_flags (modules[0]);
+	assert_num_eq (0, flags);
+
+	unmanaged = p11_kit_modules_load (NULL, P11_KIT_MODULE_UNMANAGED);
+	assert (unmanaged != NULL && unmanaged[0] != NULL);
+
+	flags = p11_kit_module_get_flags (unmanaged[0]);
+	assert_num_eq (P11_KIT_MODULE_UNMANAGED, flags);
+
+	finalize_and_free_modules (modules);
+	p11_kit_modules_release (unmanaged);
+}
+
+static void
+test_config_option (void)
+{
+	CK_FUNCTION_LIST_PTR_PTR modules;
+	CK_FUNCTION_LIST_PTR module;
+	char *value;
+
+	/*
+	 * The module three should not be present, as we don't match the current
+	 * program.
+	 */
+
+	modules = initialize_and_get_modules ();
+
+	value = p11_kit_config_option (NULL, "new");
+	assert_str_eq ("world", value);
+	free (value);
+
+	module = p11_kit_module_for_name (modules, "one");
+	assert_ptr_not_null (module);
+
+	value = p11_kit_config_option (module, "setting");
+	assert_str_eq ("user1", value);
+	free (value);
+
+	value = p11_kit_config_option (NULL, "invalid");
+	assert_ptr_eq (NULL, value);
+
+	value = p11_kit_config_option (module, "invalid");
+	assert_ptr_eq (NULL, value);
+
+	/* Invalid but non-NULL module pointer */
+	value = p11_kit_config_option (module + 1, "setting");
+	assert_ptr_eq (NULL, value);
+
+	finalize_and_free_modules (modules);
+}
+
+int
+main (int argc,
+      char *argv[])
+{
 	p11_library_init ();
 
-	SUITE_ADD_TEST (suite, test_no_duplicates);
-	SUITE_ADD_TEST (suite, test_disable);
-	SUITE_ADD_TEST (suite, test_disable_later);
-	SUITE_ADD_TEST (suite, test_enable);
-	SUITE_ADD_TEST (suite, test_priority);
+	p11_test (test_no_duplicates, "/modules/test_no_duplicates");
+	p11_test (test_disable, "/modules/test_disable");
+	p11_test (test_disable_later, "/modules/test_disable_later");
+	p11_test (test_enable, "/modules/test_enable");
+	p11_test (test_priority, "/modules/test_priority");
+	p11_test (test_module_name, "/modules/test_module_name");
+	p11_test (test_module_flags, "/modules/test_module_flags");
+	p11_test (test_config_option, "/modules/test_config_option");
 
 	p11_kit_be_quiet ();
 
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-	return ret;
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/pin-test.c b/p11-kit/tests/test-pin.c
similarity index 78%
rename from p11-kit/tests/pin-test.c
rename to p11-kit/tests/test-pin.c
index dd020bc..ebe3efc 100644
--- a/p11-kit/tests/pin-test.c
+++ b/p11-kit/tests/test-pin.c
@@ -33,7 +33,7 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include "library.h"
 
@@ -71,7 +71,7 @@ destroy_data (void *callback_data)
 }
 
 static void
-test_pin_register_unregister (CuTest *tc)
+test_pin_register_unregister (void)
 {
 	int data = 33;
 
@@ -81,11 +81,11 @@ test_pin_register_unregister (CuTest *tc)
 	p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
 	                                 &data);
 
-	CuAssertIntEquals (tc, 34, data);
+	assert_num_eq (34, data);
 }
 
 static void
-test_pin_read (CuTest *tc)
+test_pin_read (void)
 {
 	P11KitUri *uri;
 	P11KitPin *pin;
@@ -101,10 +101,10 @@ test_pin_read (CuTest *tc)
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 	p11_kit_uri_free (uri);
 
-	CuAssertPtrNotNull (tc, pin);
+	assert_ptr_not_null (pin);
 	ptr = p11_kit_pin_get_value (pin, &length);
-	CuAssertIntEquals (tc, 3, length);
-	CuAssertTrue (tc, memcmp (ptr, "one", 3) == 0);
+	assert_num_eq (3, length);
+	assert (memcmp (ptr, "one", 3) == 0);
 
 	p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
 	                                 &data);
@@ -113,7 +113,7 @@ test_pin_read (CuTest *tc)
 }
 
 static void
-test_pin_read_no_match (CuTest *tc)
+test_pin_read_no_match (void)
 {
 	P11KitUri *uri;
 	P11KitPin *pin;
@@ -123,11 +123,11 @@ test_pin_read_no_match (CuTest *tc)
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 	p11_kit_uri_free (uri);
 
-	CuAssertPtrEquals (tc, NULL, pin);
+	assert_ptr_eq (NULL, pin);
 }
 
 static void
-test_pin_register_duplicate (CuTest *tc)
+test_pin_register_duplicate (void)
 {
 	P11KitUri *uri;
 	P11KitPin *pin;
@@ -147,10 +147,10 @@ test_pin_register_duplicate (CuTest *tc)
 	pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrNotNull (tc, pin);
+	assert_ptr_not_null (pin);
 	ptr = p11_kit_pin_get_value (pin, &length);
-	CuAssertIntEquals (tc, 6, length);
-	CuAssertTrue (tc, memcmp (ptr, "secret", length) == 0);
+	assert_num_eq (6, length);
+	assert (memcmp (ptr, "secret", length) == 0);
 	p11_kit_pin_unref (pin);
 
 	p11_kit_pin_unregister_callback ("/the/pin_source", callback_other,
@@ -159,10 +159,10 @@ test_pin_register_duplicate (CuTest *tc)
 	pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrNotNull (tc, pin);
+	assert_ptr_not_null (pin);
 	ptr = p11_kit_pin_get_value (pin, &length);
-	CuAssertIntEquals (tc, 3, length);
-	CuAssertTrue (tc, memcmp (ptr, "one", length) == 0);
+	assert_num_eq (3, length);
+	assert (memcmp (ptr, "one", length) == 0);
 	p11_kit_pin_unref (pin);
 
 	p11_kit_pin_unregister_callback ("/the/pin_source", callback_one,
@@ -171,13 +171,13 @@ test_pin_register_duplicate (CuTest *tc)
 	pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrEquals (tc, NULL, pin);
+	assert_ptr_eq (NULL, pin);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_pin_register_fallback (CuTest *tc)
+test_pin_register_fallback (void)
 {
 	char *value = "secret";
 	P11KitUri *uri;
@@ -194,10 +194,10 @@ test_pin_register_fallback (CuTest *tc)
 	pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrNotNull (tc, pin);
+	assert_ptr_not_null (pin);
 	ptr = p11_kit_pin_get_value (pin, &length);
-	CuAssertIntEquals (tc, 3, length);
-	CuAssertTrue (tc, memcmp (ptr, "one", length) == 0);
+	assert_num_eq (3, length);
+	assert (memcmp (ptr, "one", length) == 0);
 	p11_kit_pin_unref (pin);
 
 	p11_kit_pin_register_callback ("/the/pin_source", callback_other,
@@ -206,10 +206,10 @@ test_pin_register_fallback (CuTest *tc)
 	pin = p11_kit_pin_request ("/the/pin_source", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrNotNull (tc, pin);
+	assert_ptr_not_null (pin);
 	ptr = p11_kit_pin_get_value (pin, &length);
-	CuAssertIntEquals (tc, 6, length);
-	CuAssertTrue (tc, memcmp (ptr, "secret", length) == 0);
+	assert_num_eq (6, length);
+	assert (memcmp (ptr, "secret", length) == 0);
 	p11_kit_pin_unref (pin);
 
 	p11_kit_pin_unregister_callback ("/the/pin_source", callback_other,
@@ -222,7 +222,7 @@ test_pin_register_fallback (CuTest *tc)
 }
 
 static void
-test_pin_file (CuTest *tc)
+test_pin_file (void)
 {
 	P11KitUri *uri;
 	P11KitPin *pin;
@@ -237,16 +237,16 @@ test_pin_file (CuTest *tc)
 	pin = p11_kit_pin_request (SRCDIR "/files/test-pinfile", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrNotNull (tc, pin);
+	assert_ptr_not_null (pin);
 	ptr = p11_kit_pin_get_value (pin, &length);
-	CuAssertIntEquals (tc, 12, length);
-	CuAssertTrue (tc, memcmp (ptr, "yogabbagabba", length) == 0);
+	assert_num_eq (12, length);
+	assert (memcmp (ptr, "yogabbagabba", length) == 0);
 	p11_kit_pin_unref (pin);
 
 	pin = p11_kit_pin_request (SRCDIR "/files/nonexistant", uri, "The token",
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
-	CuAssertPtrEquals (tc, NULL, pin);
+	assert_ptr_eq (NULL, pin);
 
 	p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
 	                                 NULL);
@@ -255,7 +255,7 @@ test_pin_file (CuTest *tc)
 }
 
 static void
-test_pin_file_large (CuTest *tc)
+test_pin_file_large (void)
 {
 	P11KitUri *uri;
 	P11KitPin *pin;
@@ -270,8 +270,8 @@ test_pin_file_large (CuTest *tc)
 	                            P11_KIT_PIN_FLAGS_USER_LOGIN);
 
 	error = errno;
-	CuAssertPtrEquals (tc, NULL, pin);
-	CuAssertIntEquals (tc, EFBIG, error);
+	assert_ptr_eq (NULL, pin);
+	assert_num_eq (EFBIG, error);
 
 	p11_kit_pin_unregister_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
 	                                 NULL);
@@ -280,7 +280,7 @@ test_pin_file_large (CuTest *tc)
 }
 
 static void
-test_pin_ref_unref (CuTest *tc)
+test_pin_ref_unref (void)
 {
 	P11KitPin *pin;
 	P11KitPin *check;
@@ -288,38 +288,26 @@ test_pin_ref_unref (CuTest *tc)
 	pin = p11_kit_pin_new_for_string ("crack of lies");
 
 	check = p11_kit_pin_ref (pin);
-	CuAssertPtrEquals (tc, pin, check);
+	assert_ptr_eq (pin, check);
 
 	p11_kit_pin_unref (pin);
 	p11_kit_pin_unref (check);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	p11_library_init ();
 
-	SUITE_ADD_TEST (suite, test_pin_register_unregister);
-	SUITE_ADD_TEST (suite, test_pin_read);
-	SUITE_ADD_TEST (suite, test_pin_read_no_match);
-	SUITE_ADD_TEST (suite, test_pin_register_duplicate);
-	SUITE_ADD_TEST (suite, test_pin_register_fallback);
-	SUITE_ADD_TEST (suite, test_pin_file);
-	SUITE_ADD_TEST (suite, test_pin_file_large);
-	SUITE_ADD_TEST (suite, test_pin_ref_unref);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_test (test_pin_register_unregister, "/pin/test_pin_register_unregister");
+	p11_test (test_pin_read, "/pin/test_pin_read");
+	p11_test (test_pin_read_no_match, "/pin/test_pin_read_no_match");
+	p11_test (test_pin_register_duplicate, "/pin/test_pin_register_duplicate");
+	p11_test (test_pin_register_fallback, "/pin/test_pin_register_fallback");
+	p11_test (test_pin_file, "/pin/test_pin_file");
+	p11_test (test_pin_file_large, "/pin/test_pin_file_large");
+	p11_test (test_pin_ref_unref, "/pin/test_pin_ref_unref");
+
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/progname-test.c b/p11-kit/tests/test-progname.c
similarity index 76%
rename from p11-kit/tests/progname-test.c
rename to p11-kit/tests/test-progname.c
index 18a8c55..76b136d 100644
--- a/p11-kit/tests/progname-test.c
+++ b/p11-kit/tests/test-progname.c
@@ -33,7 +33,7 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include "library.h"
 
@@ -47,52 +47,40 @@
 #include "p11-kit/private.h"
 
 static void
-test_progname_default (CuTest *tc)
+test_progname_default (void)
 {
 	const char *progname;
 
 	progname = _p11_get_progname_unlocked ();
-	CuAssertStrEquals (tc, "progname-test", progname);
+	assert_str_eq ("test-progname", progname);
 }
 
 static void
-test_progname_set (CuTest *tc)
+test_progname_set (void)
 {
 	const char *progname;
 
 	p11_kit_set_progname ("love-generation");
 
 	progname = _p11_get_progname_unlocked ();
-	CuAssertStrEquals (tc, "love-generation", progname);
+	assert_str_eq ("love-generation", progname);
 
 	_p11_set_progname_unlocked (NULL);
 
 	progname = _p11_get_progname_unlocked ();
-	CuAssertStrEquals (tc, "progname-test", progname);
+	assert_str_eq ("test-progname", progname);
 }
 
 /* Defined in util.c */
 extern char p11_my_progname[];
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	p11_library_init ();
 
-	SUITE_ADD_TEST (suite, test_progname_default);
-	SUITE_ADD_TEST (suite, test_progname_set);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-	return ret;
+	p11_test (test_progname_default, "/progname/test_progname_default");
+	p11_test (test_progname_set, "/progname/test_progname_set");
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/test-proxy.c b/p11-kit/tests/test-proxy.c
new file mode 100644
index 0000000..bf5007d
--- /dev/null
+++ b/p11-kit/tests/test-proxy.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright (c) 2013 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#define CRYPTOKI_EXPORTS
+
+#include "config.h"
+#include "test.h"
+
+#include "library.h"
+#include "mock.h"
+#include "p11-kit.h"
+#include "pkcs11.h"
+#include "proxy.h"
+
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/* This is the proxy module entry point in proxy.c, and linked to this test */
+CK_RV C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR list);
+
+static CK_SLOT_ID mock_slot_one_id;
+static CK_SLOT_ID mock_slot_two_id;
+static CK_ULONG mock_slots_present;
+static CK_ULONG mock_slots_all;
+
+static void
+test_initialize_finalize (void)
+{
+	CK_FUNCTION_LIST_PTR proxy;
+	CK_RV rv;
+
+	rv = C_GetFunctionList (&proxy);
+	assert (rv == CKR_OK);
+
+	assert (p11_proxy_module_check (proxy));
+
+	rv = proxy->C_Initialize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = proxy->C_Finalize (NULL);
+	assert (rv == CKR_OK);
+
+	p11_proxy_module_cleanup ();
+}
+
+static void
+test_initialize_multiple (void)
+{
+	CK_FUNCTION_LIST_PTR proxy;
+	CK_RV rv;
+
+	rv = C_GetFunctionList (&proxy);
+	assert (rv == CKR_OK);
+
+	assert (p11_proxy_module_check (proxy));
+
+	rv = proxy->C_Initialize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = proxy->C_Initialize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = proxy->C_Finalize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = proxy->C_Finalize (NULL);
+	assert (rv == CKR_OK);
+
+	rv = proxy->C_Finalize (NULL);
+	assert (rv == CKR_CRYPTOKI_NOT_INITIALIZED);
+
+	p11_proxy_module_cleanup ();
+}
+
+static CK_FUNCTION_LIST_PTR
+setup_mock_module (CK_SESSION_HANDLE *session)
+{
+	CK_FUNCTION_LIST_PTR proxy;
+	CK_SLOT_ID slots[32];
+	CK_RV rv;
+
+	rv = C_GetFunctionList (&proxy);
+	assert (rv == CKR_OK);
+
+	assert (p11_proxy_module_check (proxy));
+
+	rv = proxy->C_Initialize (NULL);
+	assert (rv == CKR_OK);
+
+	mock_slots_all = 32;
+	rv = proxy->C_GetSlotList (CK_FALSE, slots, &mock_slots_all);
+	assert (rv == CKR_OK);
+	assert (mock_slots_all >= 2);
+
+	/* Assume this is the slot we want to deal with */
+	mock_slot_one_id = slots[0];
+	mock_slot_two_id = slots[1];
+
+	rv = proxy->C_GetSlotList (CK_TRUE, NULL, &mock_slots_present);
+	assert (rv == CKR_OK);
+	assert (mock_slots_present > 1);
+
+	if (session) {
+		rv = (proxy->C_OpenSession) (mock_slot_one_id,
+		                             CKF_RW_SESSION | CKF_SERIAL_SESSION,
+		                             NULL, NULL, session);
+		assert (rv == CKR_OK);
+	}
+
+	return proxy;
+}
+
+static void
+teardown_mock_module (CK_FUNCTION_LIST_PTR module)
+{
+	CK_RV rv;
+
+	rv = module->C_Finalize (NULL);
+	assert (rv == CKR_OK);
+}
+
+/*
+ * We redefine the mock module slot id so that the tests in test-mock.c
+ * use the proxy mapped slot id rather than the hard coded one
+ */
+#define MOCK_SLOT_ONE_ID mock_slot_one_id
+#define MOCK_SLOT_TWO_ID mock_slot_two_id
+#define MOCK_SLOTS_PRESENT mock_slots_present
+#define MOCK_SLOTS_ALL mock_slots_all
+#define MOCK_INFO mock_info
+#define MOCK_SKIP_WAIT_TEST
+
+static const CK_INFO mock_info = {
+	{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },
+	"PKCS#11 Kit                     ",
+	0,
+	"PKCS#11 Kit Proxy Module        ",
+	{ 1, 1 }
+};
+
+/* Bring in all the mock module tests */
+#include "test-mock.c"
+
+int
+main (int argc,
+      char *argv[])
+{
+	p11_library_init ();
+	p11_kit_be_quiet ();
+
+	p11_test (test_initialize_finalize, "/proxy/initialize-finalize");
+	p11_test (test_initialize_multiple, "/proxy/initialize-multiple");
+
+	test_mock_add_tests ("/proxy");
+
+	return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/tests/uri-test.c b/p11-kit/tests/test-uri.c
similarity index 56%
rename from p11-kit/tests/uri-test.c
rename to p11-kit/tests/test-uri.c
index 2bc121c..f514f7a 100644
--- a/p11-kit/tests/uri-test.c
+++ b/p11-kit/tests/test-uri.c
@@ -33,7 +33,7 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include "debug.h"
 #include "message.h"
@@ -75,138 +75,138 @@ are_attributes_empty (P11KitUri *uri)
 }
 
 static void
-test_uri_parse (CuTest *tc)
+test_uri_parse (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:", P11_KIT_URI_FOR_MODULE, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
-	CuAssertTrue (tc, is_module_empty (uri));
-	CuAssertTrue (tc, is_token_empty (uri));
-	CuAssertTrue (tc, are_attributes_empty (uri));
+	assert (is_module_empty (uri));
+	assert (is_token_empty (uri));
+	assert (are_attributes_empty (uri));
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_bad_scheme (CuTest *tc)
+test_uri_parse_bad_scheme (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("http:\\example.com\test", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_SCHEME, ret);
+	assert_num_eq (P11_KIT_URI_BAD_SCHEME, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_label (CuTest *tc)
+test_uri_parse_with_label (void)
 {
 	CK_ATTRIBUTE_PTR attr;
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
-	CuAssertTrue (tc, is_module_empty (uri));
-	CuAssertTrue (tc, is_token_empty (uri));
+	assert (is_module_empty (uri));
+	assert (is_token_empty (uri));
 
 	attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == strlen ("Test Label"));
-	CuAssertTrue (tc, memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == strlen ("Test Label"));
+	assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_label_and_klass (CuTest *tc)
+test_uri_parse_with_label_and_klass (void)
 {
 	CK_ATTRIBUTE_PTR attr;
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object=Test%20Label;object-type=cert", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == strlen ("Test Label"));
-	CuAssertTrue (tc, memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == strlen ("Test Label"));
+	assert (memcmp (attr->pValue, "Test Label", attr->ulValueLen) == 0);
 
 	attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
-	CuAssertTrue (tc, *((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
+	assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_CERTIFICATE);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_id (CuTest *tc)
+test_uri_parse_with_id (void)
 {
 	CK_ATTRIBUTE_PTR attr;
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:id=%54%45%53%54%00", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	/* Note that there's a NULL in the attribute (end) */
 	attr = p11_kit_uri_get_attribute (uri, CKA_ID);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == 5);
-	CuAssertTrue (tc, memcmp (attr->pValue, "TEST", 5) == 0);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == 5);
+	assert (memcmp (attr->pValue, "TEST", 5) == 0);
 
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_bad_string_encoding (CuTest *tc)
+test_uri_parse_with_bad_string_encoding (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object=Test%", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret);
+	assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_bad_hex_encoding (CuTest *tc)
+test_uri_parse_with_bad_hex_encoding (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object=T%xxest", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret);
+	assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
 
 	p11_kit_uri_free (uri);
 }
@@ -226,131 +226,131 @@ is_space_string (CK_UTF8CHAR_PTR string, CK_ULONG size, const char *check)
 }
 
 static void
-test_uri_parse_with_token (CuTest *tc)
+test_uri_parse_with_token (void)
 {
 	P11KitUri *uri = NULL;
 	CK_TOKEN_INFO_PTR token;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:token=Token%20Label;serial=3333;model=Deluxe;manufacturer=Me",
 	                         P11_KIT_URI_FOR_TOKEN, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	token = p11_kit_uri_get_token_info (uri);
-	CuAssertTrue (tc, is_space_string (token->label, sizeof (token->label), "Token Label"));
-	CuAssertTrue (tc, is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333"));
-	CuAssertTrue (tc, is_space_string (token->model, sizeof (token->model), "Deluxe"));
-	CuAssertTrue (tc, is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"));
+	assert (is_space_string (token->label, sizeof (token->label), "Token Label"));
+	assert (is_space_string (token->serialNumber, sizeof (token->serialNumber), "3333"));
+	assert (is_space_string (token->model, sizeof (token->model), "Deluxe"));
+	assert (is_space_string (token->manufacturerID, sizeof (token->manufacturerID), "Me"));
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_token_bad_encoding (CuTest *tc)
+test_uri_parse_with_token_bad_encoding (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:token=Token%", P11_KIT_URI_FOR_TOKEN, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret);
+	assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_bad_syntax (CuTest *tc)
+test_uri_parse_with_bad_syntax (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:token", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_SYNTAX, ret);
+	assert_num_eq (P11_KIT_URI_BAD_SYNTAX, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_spaces (CuTest *tc)
+test_uri_parse_with_spaces (void)
 {
 	P11KitUri *uri = NULL;
 	CK_INFO_PTR info;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkc\ns11: lib rary-desc\rrip  \n  tion =The%20Library;\n\n\nlibrary-manufacturer=\rMe",
 	                         P11_KIT_URI_FOR_MODULE, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	info = p11_kit_uri_get_module_info (uri);
 
-	CuAssertTrue (tc, is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
-	CuAssertTrue (tc, is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
+	assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
+	assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
 
 	p11_kit_uri_free (uri);
 }
 
 
 static void
-test_uri_parse_with_library (CuTest *tc)
+test_uri_parse_with_library (void)
 {
 	P11KitUri *uri = NULL;
 	CK_INFO_PTR info;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-description=The%20Library;library-manufacturer=Me",
 	                         P11_KIT_URI_FOR_MODULE, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	info = p11_kit_uri_get_module_info (uri);
 
-	CuAssertTrue (tc, is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
-	CuAssertTrue (tc, is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
+	assert (is_space_string (info->manufacturerID, sizeof (info->manufacturerID), "Me"));
+	assert (is_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Library"));
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_with_library_bad_encoding (CuTest *tc)
+test_uri_parse_with_library_bad_encoding (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-description=Library%", P11_KIT_URI_FOR_MODULE, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_ENCODING, ret);
+	assert_num_eq (P11_KIT_URI_BAD_ENCODING, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_build_empty (CuTest *tc)
+test_uri_build_empty (void)
 {
 	P11KitUri *uri;
 	char *string;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertStrEquals (tc, "pkcs11:", string);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert_str_eq ("pkcs11:", string);
 	free (string);
 
 	p11_kit_uri_free (uri);
@@ -366,7 +366,7 @@ set_space_string (CK_BYTE_PTR buffer, CK_ULONG length, const char *string)
 }
 
 static void
-test_uri_build_with_token_info (CuTest *tc)
+test_uri_build_with_token_info (void)
 {
 	char *string = NULL;
 	P11KitUri *uri;
@@ -375,7 +375,7 @@ test_uri_build_with_token_info (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	token = p11_kit_uri_get_token_info (uri);
 	set_space_string (token->label, sizeof (token->label), "The Label");
@@ -384,30 +384,30 @@ test_uri_build_with_token_info (CuTest *tc)
 	set_space_string (token->model, sizeof (token->model), "Deluxe");
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertPtrNotNull (tc, string);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert_ptr_not_null (string);
 
 	check = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, check);
+	assert_ptr_not_null (check);
 
 	ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_TOKEN, check);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	p11_kit_uri_match_token_info (check, p11_kit_uri_get_token_info (uri));
 
 	p11_kit_uri_free (uri);
 	p11_kit_uri_free (check);
 
-	CuAssertTrue (tc, strstr (string, "token=The%20Label") != NULL);
-	CuAssertTrue (tc, strstr (string, "serial=44444") != NULL);
-	CuAssertTrue (tc, strstr (string, "manufacturer=Me") != NULL);
-	CuAssertTrue (tc, strstr (string, "model=Deluxe") != NULL);
+	assert (strstr (string, "token=The%20Label") != NULL);
+	assert (strstr (string, "serial=44444") != NULL);
+	assert (strstr (string, "manufacturer=Me") != NULL);
+	assert (strstr (string, "model=Deluxe") != NULL);
 
 	free (string);
 }
 
 static void
-test_uri_build_with_token_null_info (CuTest *tc)
+test_uri_build_with_token_null_info (void)
 {
 	char *string = NULL;
 	P11KitUri *uri;
@@ -415,23 +415,23 @@ test_uri_build_with_token_null_info (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	token = p11_kit_uri_get_token_info (uri);
 	set_space_string (token->label, sizeof (token->label), "The Label");
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
-	CuAssertTrue (tc, strstr (string, "token=The%20Label") != NULL);
-	CuAssertTrue (tc, strstr (string, "serial=") == NULL);
+	assert (strstr (string, "token=The%20Label") != NULL);
+	assert (strstr (string, "serial=") == NULL);
 
 	free (string);
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_build_with_token_empty_info (CuTest *tc)
+test_uri_build_with_token_empty_info (void)
 {
 	char *string = NULL;
 	P11KitUri *uri;
@@ -439,24 +439,24 @@ test_uri_build_with_token_empty_info (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	token = p11_kit_uri_get_token_info (uri);
 	set_space_string (token->label, sizeof (token->label), "");
 	set_space_string (token->serialNumber, sizeof (token->serialNumber), "");
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
-	CuAssertTrue (tc, strstr (string, "token=") != NULL);
-	CuAssertTrue (tc, strstr (string, "serial=") != NULL);
+	assert (strstr (string, "token=") != NULL);
+	assert (strstr (string, "serial=") != NULL);
 
 	free (string);
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_build_with_attributes (CuTest *tc)
+test_uri_build_with_attributes (void)
 {
 	char *string = NULL;
 	P11KitUri *uri;
@@ -467,7 +467,7 @@ test_uri_build_with_attributes (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	at.type = CKA_LABEL;
 	at.pValue = "The Label";
@@ -486,175 +486,175 @@ test_uri_build_with_attributes (CuTest *tc)
 	ret = p11_kit_uri_set_attribute (uri, &at);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	check = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, check);
+	assert_ptr_not_null (check);
 
 	ret = p11_kit_uri_parse (string, P11_KIT_URI_FOR_ANY, check);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attr = p11_kit_uri_get_attribute (check, CKA_LABEL);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == 9);
-	CuAssertTrue (tc, memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == 9);
+	assert (memcmp (attr->pValue, "The Label", attr->ulValueLen) == 0);
 
 	attr = p11_kit_uri_get_attribute (check, CKA_CLASS);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == sizeof (klass));
-	CuAssertTrue (tc, *((CK_OBJECT_CLASS_PTR)attr->pValue) == klass);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == sizeof (klass));
+	assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == klass);
 
 	attr = p11_kit_uri_get_attribute (check, CKA_ID);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == 5);
-	CuAssertTrue (tc, memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == 5);
+	assert (memcmp (attr->pValue, "HELLO", attr->ulValueLen) == 0);
 
 	p11_kit_uri_free (check);
 
-	CuAssertTrue (tc, strstr (string, "object=The%20Label") != NULL);
-	CuAssertTrue (tc, strstr (string, "object-type=data") != NULL);
-	CuAssertTrue (tc, strstr (string, "id=%48%45%4c%4c%4f") != NULL);
+	assert (strstr (string, "object=The%20Label") != NULL);
+	assert (strstr (string, "object-type=data") != NULL);
+	assert (strstr (string, "id=%48%45%4c%4c%4f") != NULL);
 
 	free (string);
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_private_key (CuTest *tc)
+test_uri_parse_private_key (void)
 {
 	P11KitUri *uri;
 	CK_ATTRIBUTE_PTR attr;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object-type=private", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
-	CuAssertTrue (tc, *((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
+	assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_PRIVATE_KEY);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_secret_key (CuTest *tc)
+test_uri_parse_secret_key (void)
 {
 	P11KitUri *uri;
 	CK_ATTRIBUTE_PTR attr;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object-type=secret-key", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
-	CuAssertPtrNotNull (tc, attr);
-	CuAssertTrue (tc, attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
-	CuAssertTrue (tc, *((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY);
+	assert_ptr_not_null (attr);
+	assert (attr->ulValueLen == sizeof (CK_OBJECT_CLASS));
+	assert (*((CK_OBJECT_CLASS_PTR)attr->pValue) == CKO_SECRET_KEY);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_library_version (CuTest *tc)
+test_uri_parse_library_version (void)
 {
 	P11KitUri *uri;
 	CK_INFO_PTR info;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=2.101", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	info = p11_kit_uri_get_module_info (uri);
-	CuAssertIntEquals (tc, 2, info->libraryVersion.major);
-	CuAssertIntEquals (tc, 101, info->libraryVersion.minor);
+	assert_num_eq (2, info->libraryVersion.major);
+	assert_num_eq (101, info->libraryVersion.minor);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	info = p11_kit_uri_get_module_info (uri);
-	CuAssertIntEquals (tc, 23, info->libraryVersion.major);
-	CuAssertIntEquals (tc, 0, info->libraryVersion.minor);
+	assert_num_eq (23, info->libraryVersion.major);
+	assert_num_eq (0, info->libraryVersion.minor);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=23.", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret);
+	assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=a.a", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret);
+	assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=.23", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret);
+	assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret);
+	assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=2.1000", P11_KIT_URI_FOR_MODULE_WITH_VERSION, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_BAD_VERSION, ret);
+	assert_num_eq (P11_KIT_URI_BAD_VERSION, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_parse_unknown_object_type (CuTest *tc)
+test_uri_parse_parse_unknown_object_type (void)
 {
 	P11KitUri *uri;
 	CK_ATTRIBUTE_PTR attr;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object-type=unknown", P11_KIT_URI_FOR_OBJECT, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attr = p11_kit_uri_get_attribute (uri, CKA_CLASS);
-	CuAssertPtrEquals (tc, NULL, attr);
+	assert_ptr_eq (NULL, attr);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_unrecognized (CuTest *tc)
+test_uri_parse_unrecognized (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:x-blah=some-value", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	ret = p11_kit_uri_any_unrecognized (uri);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_parse_too_long_is_unrecognized (CuTest *tc)
+test_uri_parse_too_long_is_unrecognized (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:model=a-value-that-is-too-long-for-the-field-that-it-goes-with",
 	                         P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	ret = p11_kit_uri_any_unrecognized (uri);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	p11_kit_uri_free (uri);
 }
@@ -662,7 +662,7 @@ test_uri_parse_too_long_is_unrecognized (CuTest *tc)
 
 
 static void
-test_uri_build_object_type_cert (CuTest *tc)
+test_uri_build_object_type_cert (void)
 {
 	CK_ATTRIBUTE attr;
 	CK_OBJECT_CLASS klass;
@@ -671,7 +671,7 @@ test_uri_build_object_type_cert (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	klass = CKO_CERTIFICATE;
 	attr.type = CKA_CLASS;
@@ -680,15 +680,15 @@ test_uri_build_object_type_cert (CuTest *tc)
 	p11_kit_uri_set_attribute (uri, &attr);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "object-type=cert") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "object-type=cert") != NULL);
 
 	p11_kit_uri_free (uri);
 	free (string);
 }
 
 static void
-test_uri_build_object_type_private (CuTest *tc)
+test_uri_build_object_type_private (void)
 {
 	CK_ATTRIBUTE attr;
 	CK_OBJECT_CLASS klass;
@@ -697,7 +697,7 @@ test_uri_build_object_type_private (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	klass = CKO_PRIVATE_KEY;
 	attr.type = CKA_CLASS;
@@ -706,15 +706,15 @@ test_uri_build_object_type_private (CuTest *tc)
 	p11_kit_uri_set_attribute (uri, &attr);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "object-type=private") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "object-type=private") != NULL);
 
 	p11_kit_uri_free (uri);
 	free (string);
 }
 
 static void
-test_uri_build_object_type_public (CuTest *tc)
+test_uri_build_object_type_public (void)
 {
 	CK_ATTRIBUTE attr;
 	CK_OBJECT_CLASS klass;
@@ -723,7 +723,7 @@ test_uri_build_object_type_public (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	klass = CKO_PUBLIC_KEY;
 	attr.type = CKA_CLASS;
@@ -732,15 +732,15 @@ test_uri_build_object_type_public (CuTest *tc)
 	p11_kit_uri_set_attribute (uri, &attr);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "object-type=public") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "object-type=public") != NULL);
 
 	p11_kit_uri_free (uri);
 	free (string);
 }
 
 static void
-test_uri_build_object_type_secret (CuTest *tc)
+test_uri_build_object_type_secret (void)
 {
 	CK_ATTRIBUTE attr;
 	CK_OBJECT_CLASS klass;
@@ -749,7 +749,7 @@ test_uri_build_object_type_secret (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	klass = CKO_SECRET_KEY;
 	attr.type = CKA_CLASS;
@@ -758,15 +758,15 @@ test_uri_build_object_type_secret (CuTest *tc)
 	p11_kit_uri_set_attribute (uri, &attr);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "object-type=secret-key") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "object-type=secret-key") != NULL);
 
 	p11_kit_uri_free (uri);
 	free (string);
 }
 
 static void
-test_uri_build_with_library (CuTest *tc)
+test_uri_build_with_library (void)
 {
 	CK_INFO_PTR info;
 	P11KitUri *uri;
@@ -774,21 +774,21 @@ test_uri_build_with_library (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	info = p11_kit_uri_get_module_info (uri);
 	set_space_string (info->libraryDescription, sizeof (info->libraryDescription), "The Description");
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "library-description=The%20Description") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "library-description=The%20Description") != NULL);
 
 	p11_kit_uri_free (uri);
 	free (string);
 }
 
 static void
-test_uri_build_library_version (CuTest *tc)
+test_uri_build_library_version (void)
 {
 	CK_INFO_PTR info;
 	P11KitUri *uri;
@@ -796,121 +796,121 @@ test_uri_build_library_version (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	info = p11_kit_uri_get_module_info (uri);
 	info->libraryVersion.major = 2;
 	info->libraryVersion.minor = 10;
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "library-version=2.10") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "library-version=2.10") != NULL);
 
 	p11_kit_uri_free (uri);
 	free (string);
 }
 
 static void
-test_uri_get_set_unrecognized (CuTest *tc)
+test_uri_get_set_unrecognized (void)
 {
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_any_unrecognized (uri);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_set_unrecognized (uri, 1);
 
 	ret = p11_kit_uri_any_unrecognized (uri);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	p11_kit_uri_set_unrecognized (uri, 0);
 
 	ret = p11_kit_uri_any_unrecognized (uri);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_match_token (CuTest *tc)
+test_uri_match_token (void)
 {
 	CK_TOKEN_INFO token;
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:model=Giselle", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	set_space_string (token.label, sizeof (token.label), "A label");
 	set_space_string (token.model, sizeof (token.model), "Giselle");
 
 	ret = p11_kit_uri_match_token_info (uri, &token);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	set_space_string (token.label, sizeof (token.label), "Another label");
 
 	ret = p11_kit_uri_match_token_info (uri, &token);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	set_space_string (token.model, sizeof (token.model), "Zoolander");
 
 	ret = p11_kit_uri_match_token_info (uri, &token);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_set_unrecognized (uri, 1);
 
 	ret = p11_kit_uri_match_token_info (uri, &token);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_match_module (CuTest *tc)
+test_uri_match_module (void)
 {
 	CK_INFO info;
 	P11KitUri *uri;
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-description=Quiet", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Quiet");
 	set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone");
 
 	ret = p11_kit_uri_match_module_info (uri, &info);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	set_space_string (info.manufacturerID, sizeof (info.manufacturerID), "Someone else");
 
 	ret = p11_kit_uri_match_module_info (uri, &info);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	set_space_string (info.libraryDescription, sizeof (info.libraryDescription), "Leise");
 
 	ret = p11_kit_uri_match_module_info (uri, &info);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_set_unrecognized (uri, 1);
 
 	ret = p11_kit_uri_match_module_info (uri, &info);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_match_version (CuTest *tc)
+test_uri_match_version (void)
 {
 	CK_INFO info;
 	P11KitUri *uri;
@@ -919,28 +919,28 @@ test_uri_match_version (CuTest *tc)
 	memset (&info, 0, sizeof (info));
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:library-version=5.8", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	info.libraryVersion.major = 5;
 	info.libraryVersion.minor = 8;
 
 	ret = p11_kit_uri_match_module_info (uri, &info);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	info.libraryVersion.major = 2;
 	info.libraryVersion.minor = 3;
 
 	ret = p11_kit_uri_match_module_info (uri, &info);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_match_attributes (CuTest *tc)
+test_uri_match_attributes (void)
 {
 	CK_ATTRIBUTE attrs[4];
 	CK_OBJECT_CLASS klass;
@@ -965,40 +965,40 @@ test_uri_match_attributes (CuTest *tc)
 	attrs[3].ulValueLen = sizeof (klass);
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ret = p11_kit_uri_parse ("pkcs11:object=Fancy;id=Blah;object-type=data", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	ret = p11_kit_uri_match_attributes (uri, attrs, 4);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	attrs[1].pValue = "Fancy";
 	attrs[1].ulValueLen = 5;
 
 	ret = p11_kit_uri_match_attributes (uri, attrs, 4);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	p11_kit_uri_clear_attribute (uri, CKA_CLASS);
 
 	ret = p11_kit_uri_match_attributes (uri, attrs, 4);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	attrs[2].pValue = "pink";
 
 	ret = p11_kit_uri_match_attributes (uri, attrs, 4);
-	CuAssertIntEquals (tc, 1, ret);
+	assert_num_eq (1, ret);
 
 	p11_kit_uri_set_unrecognized (uri, 1);
 
 	ret = p11_kit_uri_match_attributes (uri, attrs, 4);
-	CuAssertIntEquals (tc, 0, ret);
+	assert_num_eq (0, ret);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_get_set_attribute (CuTest *tc)
+test_uri_get_set_attribute (void)
 {
 	CK_ATTRIBUTE attr;
 	CK_ATTRIBUTE_PTR ptr;
@@ -1006,51 +1006,51 @@ test_uri_get_set_attribute (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
-	CuAssertPtrEquals (tc, NULL, ptr);
+	assert_ptr_eq (NULL, ptr);
 
 	ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	ret = p11_kit_uri_clear_attribute (uri, CKA_COLOR);
-	CuAssertIntEquals (tc, P11_KIT_URI_NOT_FOUND, ret);
+	assert_num_eq (P11_KIT_URI_NOT_FOUND, ret);
 
 	attr.type = CKA_LABEL;
 	attr.pValue = "Test";
 	attr.ulValueLen = 4;
 
 	ret = p11_kit_uri_set_attribute (uri, &attr);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	/* We can set other attributes */
 	attr.type = CKA_COLOR;
 	ret = p11_kit_uri_set_attribute (uri, &attr);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	/* And get them too */
 	ptr = p11_kit_uri_get_attribute (uri, CKA_COLOR);
-	CuAssertPtrNotNull (tc, ptr);
+	assert_ptr_not_null (ptr);
 
 	ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
-	CuAssertPtrNotNull (tc, ptr);
+	assert_ptr_not_null (ptr);
 
-	CuAssertTrue (tc, ptr->type == CKA_LABEL);
-	CuAssertTrue (tc, ptr->ulValueLen == 4);
-	CuAssertTrue (tc, memcmp (ptr->pValue, "Test", 4) == 0);
+	assert (ptr->type == CKA_LABEL);
+	assert (ptr->ulValueLen == 4);
+	assert (memcmp (ptr->pValue, "Test", 4) == 0);
 
 	ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	ptr = p11_kit_uri_get_attribute (uri, CKA_LABEL);
-	CuAssertPtrEquals (tc, NULL, ptr);
+	assert_ptr_eq (NULL, ptr);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_get_set_attributes (CuTest *tc)
+test_uri_get_set_attributes (void)
 {
 	CK_ATTRIBUTE_PTR attrs;
 	CK_OBJECT_CLASS klass;
@@ -1060,39 +1060,39 @@ test_uri_get_set_attributes (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 0, n_attrs);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (0, n_attrs);
 
 	attr.type = CKA_LABEL;
 	attr.pValue = "Test";
 	attr.ulValueLen = 4;
 
 	ret = p11_kit_uri_set_attribute (uri, &attr);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 1, n_attrs);
-	CuAssertTrue (tc, attrs[0].type == CKA_LABEL);
-	CuAssertTrue (tc, attrs[0].ulValueLen == 4);
-	CuAssertTrue (tc, memcmp (attrs[0].pValue, "Test", 4) == 0);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (1, n_attrs);
+	assert (attrs[0].type == CKA_LABEL);
+	assert (attrs[0].ulValueLen == 4);
+	assert (memcmp (attrs[0].pValue, "Test", 4) == 0);
 
 	attr.type = CKA_LABEL;
 	attr.pValue = "Kablooey";
 	attr.ulValueLen = 8;
 
 	ret = p11_kit_uri_set_attribute (uri, &attr);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 1, n_attrs);
-	CuAssertTrue (tc, attrs[0].type == CKA_LABEL);
-	CuAssertTrue (tc, attrs[0].ulValueLen == 8);
-	CuAssertTrue (tc, memcmp (attrs[0].pValue, "Kablooey", 8) == 0);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (1, n_attrs);
+	assert (attrs[0].type == CKA_LABEL);
+	assert (attrs[0].ulValueLen == 8);
+	assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0);
 
 	klass = CKO_DATA;
 	attr.type = CKA_CLASS;
@@ -1100,52 +1100,52 @@ test_uri_get_set_attributes (CuTest *tc)
 	attr.ulValueLen = sizeof (klass);
 
 	ret = p11_kit_uri_set_attribute (uri, &attr);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 2, n_attrs);
-	CuAssertTrue (tc, attrs[0].type == CKA_LABEL);
-	CuAssertTrue (tc, attrs[0].ulValueLen == 8);
-	CuAssertTrue (tc, memcmp (attrs[0].pValue, "Kablooey", 8) == 0);
-	CuAssertTrue (tc, attrs[1].type == CKA_CLASS);
-	CuAssertTrue (tc, attrs[1].ulValueLen == sizeof (klass));
-	CuAssertTrue (tc, memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (2, n_attrs);
+	assert (attrs[0].type == CKA_LABEL);
+	assert (attrs[0].ulValueLen == 8);
+	assert (memcmp (attrs[0].pValue, "Kablooey", 8) == 0);
+	assert (attrs[1].type == CKA_CLASS);
+	assert (attrs[1].ulValueLen == sizeof (klass));
+	assert (memcmp (attrs[1].pValue, &klass, sizeof (klass)) == 0);
 
 	ret = p11_kit_uri_clear_attribute (uri, CKA_LABEL);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 1, n_attrs);
-	CuAssertTrue (tc, attrs[0].type == CKA_CLASS);
-	CuAssertTrue (tc, attrs[0].ulValueLen == sizeof (klass));
-	CuAssertTrue (tc, memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (1, n_attrs);
+	assert (attrs[0].type == CKA_CLASS);
+	assert (attrs[0].ulValueLen == sizeof (klass));
+	assert (memcmp (attrs[0].pValue, &klass, sizeof (klass)) == 0);
 
 	attr.type = CKA_LABEL;
 	attr.pValue = "Three";
 	attr.ulValueLen = 5;
 
 	ret = p11_kit_uri_set_attributes (uri, &attr, 1);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 1, n_attrs);
-	CuAssertTrue (tc, attrs[0].type == CKA_LABEL);
-	CuAssertTrue (tc, attrs[0].ulValueLen == 5);
-	CuAssertTrue (tc, memcmp (attrs[0].pValue, "Three", 5) == 0);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (1, n_attrs);
+	assert (attrs[0].type == CKA_LABEL);
+	assert (attrs[0].ulValueLen == 5);
+	assert (memcmp (attrs[0].pValue, "Three", 5) == 0);
 
 	p11_kit_uri_clear_attributes (uri);
 
 	attrs = p11_kit_uri_get_attributes (uri, &n_attrs);
-	CuAssertPtrNotNull (tc, attrs);
-	CuAssertIntEquals (tc, 0, n_attrs);
+	assert_ptr_not_null (attrs);
+	assert_num_eq (0, n_attrs);
 
 	p11_kit_uri_free (uri);
 }
 static void
-test_uri_pin_source (CuTest *tc)
+test_uri_pin_source (void)
 {
 	P11KitUri *uri;
 	const char *pin_source;
@@ -1153,106 +1153,93 @@ test_uri_pin_source (CuTest *tc)
 	int ret;
 
 	uri = p11_kit_uri_new ();
-	CuAssertPtrNotNull (tc, uri);
+	assert_ptr_not_null (uri);
 
 	p11_kit_uri_set_pin_source (uri, "|my-pin-source");
 
 	pin_source = p11_kit_uri_get_pin_source (uri);
-	CuAssertStrEquals (tc, "|my-pin-source", pin_source);
+	assert_str_eq ("|my-pin-source", pin_source);
 
 	pin_source = p11_kit_uri_get_pinfile (uri);
-	CuAssertStrEquals (tc, "|my-pin-source", pin_source);
+	assert_str_eq ("|my-pin-source", pin_source);
 
 	p11_kit_uri_set_pinfile (uri, "|my-pin-file");
 
 	pin_source = p11_kit_uri_get_pin_source (uri);
-	CuAssertStrEquals (tc, "|my-pin-file", pin_source);
+	assert_str_eq ("|my-pin-file", pin_source);
 
 	ret = p11_kit_uri_format (uri, P11_KIT_URI_FOR_ANY, &string);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
-	CuAssertTrue (tc, strstr (string, "pin-source=%7cmy-pin-file") != NULL);
+	assert_num_eq (P11_KIT_URI_OK, ret);
+	assert (strstr (string, "pin-source=%7cmy-pin-file") != NULL);
 	free (string);
 
 	ret = p11_kit_uri_parse ("pkcs11:pin-source=blah%2Fblah", P11_KIT_URI_FOR_ANY, uri);
-	CuAssertIntEquals (tc, P11_KIT_URI_OK, ret);
+	assert_num_eq (P11_KIT_URI_OK, ret);
 
 	pin_source = p11_kit_uri_get_pin_source (uri);
-	CuAssertStrEquals (tc, "blah/blah", pin_source);
+	assert_str_eq ("blah/blah", pin_source);
 
 	p11_kit_uri_free (uri);
 }
 
 static void
-test_uri_free_null (CuTest *tc)
+test_uri_free_null (void)
 {
 	p11_kit_uri_free (NULL);
 }
 
 static void
-test_uri_message (CuTest *tc)
+test_uri_message (void)
 {
-	CuAssertTrue (tc, p11_kit_uri_message (P11_KIT_URI_OK) == NULL);
-	CuAssertPtrNotNull (tc, p11_kit_uri_message (P11_KIT_URI_UNEXPECTED));
-	CuAssertPtrNotNull (tc, p11_kit_uri_message (-555555));
+	assert (p11_kit_uri_message (P11_KIT_URI_OK) == NULL);
+	assert_ptr_not_null (p11_kit_uri_message (P11_KIT_URI_UNEXPECTED));
+	assert_ptr_not_null (p11_kit_uri_message (-555555));
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_uri_parse);
-	SUITE_ADD_TEST (suite, test_uri_parse_bad_scheme);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_label);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_label_and_klass);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_id);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_bad_string_encoding);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_bad_hex_encoding);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_token);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_token_bad_encoding);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_bad_syntax);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_spaces);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_library);
-	SUITE_ADD_TEST (suite, test_uri_parse_with_library_bad_encoding);
-	SUITE_ADD_TEST (suite, test_uri_build_empty);
-	SUITE_ADD_TEST (suite, test_uri_build_with_token_info);
-	SUITE_ADD_TEST (suite, test_uri_build_with_token_null_info);
-	SUITE_ADD_TEST (suite, test_uri_build_with_token_empty_info);
-	SUITE_ADD_TEST (suite, test_uri_build_with_attributes);
-	SUITE_ADD_TEST (suite, test_uri_parse_private_key);
-	SUITE_ADD_TEST (suite, test_uri_parse_secret_key);
-	SUITE_ADD_TEST (suite, test_uri_parse_library_version);
-	SUITE_ADD_TEST (suite, test_uri_parse_parse_unknown_object_type);
-	SUITE_ADD_TEST (suite, test_uri_parse_unrecognized);
-	SUITE_ADD_TEST (suite, test_uri_parse_too_long_is_unrecognized);
-	SUITE_ADD_TEST (suite, test_uri_build_object_type_cert);
-	SUITE_ADD_TEST (suite, test_uri_build_object_type_private);
-	SUITE_ADD_TEST (suite, test_uri_build_object_type_public);
-	SUITE_ADD_TEST (suite, test_uri_build_object_type_secret);
-	SUITE_ADD_TEST (suite, test_uri_build_with_library);
-	SUITE_ADD_TEST (suite, test_uri_build_library_version);
-	SUITE_ADD_TEST (suite, test_uri_get_set_unrecognized);
-	SUITE_ADD_TEST (suite, test_uri_match_token);
-	SUITE_ADD_TEST (suite, test_uri_match_module);
-	SUITE_ADD_TEST (suite, test_uri_match_version);
-	SUITE_ADD_TEST (suite, test_uri_match_attributes);
-	SUITE_ADD_TEST (suite, test_uri_get_set_attribute);
-	SUITE_ADD_TEST (suite, test_uri_get_set_attributes);
-	SUITE_ADD_TEST (suite, test_uri_pin_source);
-	SUITE_ADD_TEST (suite, test_uri_free_null);
-	SUITE_ADD_TEST (suite, test_uri_message);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-	return ret;
+	p11_test (test_uri_parse, "/uri/test_uri_parse");
+	p11_test (test_uri_parse_bad_scheme, "/uri/test_uri_parse_bad_scheme");
+	p11_test (test_uri_parse_with_label, "/uri/test_uri_parse_with_label");
+	p11_test (test_uri_parse_with_label_and_klass, "/uri/test_uri_parse_with_label_and_klass");
+	p11_test (test_uri_parse_with_id, "/uri/test_uri_parse_with_id");
+	p11_test (test_uri_parse_with_bad_string_encoding, "/uri/test_uri_parse_with_bad_string_encoding");
+	p11_test (test_uri_parse_with_bad_hex_encoding, "/uri/test_uri_parse_with_bad_hex_encoding");
+	p11_test (test_uri_parse_with_token, "/uri/test_uri_parse_with_token");
+	p11_test (test_uri_parse_with_token_bad_encoding, "/uri/test_uri_parse_with_token_bad_encoding");
+	p11_test (test_uri_parse_with_bad_syntax, "/uri/test_uri_parse_with_bad_syntax");
+	p11_test (test_uri_parse_with_spaces, "/uri/test_uri_parse_with_spaces");
+	p11_test (test_uri_parse_with_library, "/uri/test_uri_parse_with_library");
+	p11_test (test_uri_parse_with_library_bad_encoding, "/uri/test_uri_parse_with_library_bad_encoding");
+	p11_test (test_uri_build_empty, "/uri/test_uri_build_empty");
+	p11_test (test_uri_build_with_token_info, "/uri/test_uri_build_with_token_info");
+	p11_test (test_uri_build_with_token_null_info, "/uri/test_uri_build_with_token_null_info");
+	p11_test (test_uri_build_with_token_empty_info, "/uri/test_uri_build_with_token_empty_info");
+	p11_test (test_uri_build_with_attributes, "/uri/test_uri_build_with_attributes");
+	p11_test (test_uri_parse_private_key, "/uri/test_uri_parse_private_key");
+	p11_test (test_uri_parse_secret_key, "/uri/test_uri_parse_secret_key");
+	p11_test (test_uri_parse_library_version, "/uri/test_uri_parse_library_version");
+	p11_test (test_uri_parse_parse_unknown_object_type, "/uri/test_uri_parse_parse_unknown_object_type");
+	p11_test (test_uri_parse_unrecognized, "/uri/test_uri_parse_unrecognized");
+	p11_test (test_uri_parse_too_long_is_unrecognized, "/uri/test_uri_parse_too_long_is_unrecognized");
+	p11_test (test_uri_build_object_type_cert, "/uri/test_uri_build_object_type_cert");
+	p11_test (test_uri_build_object_type_private, "/uri/test_uri_build_object_type_private");
+	p11_test (test_uri_build_object_type_public, "/uri/test_uri_build_object_type_public");
+	p11_test (test_uri_build_object_type_secret, "/uri/test_uri_build_object_type_secret");
+	p11_test (test_uri_build_with_library, "/uri/test_uri_build_with_library");
+	p11_test (test_uri_build_library_version, "/uri/test_uri_build_library_version");
+	p11_test (test_uri_get_set_unrecognized, "/uri/test_uri_get_set_unrecognized");
+	p11_test (test_uri_match_token, "/uri/test_uri_match_token");
+	p11_test (test_uri_match_module, "/uri/test_uri_match_module");
+	p11_test (test_uri_match_version, "/uri/test_uri_match_version");
+	p11_test (test_uri_match_attributes, "/uri/test_uri_match_attributes");
+	p11_test (test_uri_get_set_attribute, "/uri/test_uri_get_set_attribute");
+	p11_test (test_uri_get_set_attributes, "/uri/test_uri_get_set_attributes");
+	p11_test (test_uri_pin_source, "/uri/test_uri_pin_source");
+	p11_test (test_uri_free_null, "/uri/test_uri_free_null");
+	p11_test (test_uri_message, "/uri/test_uri_message");
+
+	return p11_test_run (argc, argv);
 }
diff --git a/p11-kit/tests/test-virtual.c b/p11-kit/tests/test-virtual.c
new file mode 100644
index 0000000..73777d3
--- /dev/null
+++ b/p11-kit/tests/test-virtual.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2012 Stefan Walter
+ * Copyright (c) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#include "config.h"
+
+#include "library.h"
+#include "p11-kit.h"
+#include "private.h"
+#include "virtual.h"
+
+#include "test.h"
+
+#include "mock.h"
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+/*
+ * test-managed.c is a pretty good test of the closure code, so we
+ * just test a few things here.
+ */
+
+typedef struct {
+	p11_virtual virt;
+	void *check;
+} Override;
+
+static CK_RV
+override_initialize (CK_X_FUNCTION_LIST *self,
+                     CK_VOID_PTR args)
+{
+	Override *over = (Override *)self;
+
+	assert_str_eq ("initialize-arg", args);
+	assert_str_eq ("overide-arg", over->check);
+
+	/* An arbitrary error code to check */
+	return CKR_NEED_TO_CREATE_THREADS;
+}
+
+static bool test_destroyed = false;
+
+static void
+test_destroyer (void *data)
+{
+	assert (data == &mock_x_module_no_slots);
+	assert (test_destroyed == false);
+	test_destroyed = true;
+}
+
+static void
+test_initialize (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	Override over = { };
+	CK_RV rv;
+
+	p11_virtual_init (&over.virt, &p11_virtual_stack, &mock_x_module_no_slots, test_destroyer);
+	over.virt.funcs.C_Initialize = override_initialize;
+	over.check = "overide-arg";
+	test_destroyed = false;
+
+	module = p11_virtual_wrap (&over.virt, (p11_destroyer)p11_virtual_uninit);
+	assert_ptr_not_null (module);
+
+	rv = (module->C_Initialize) ("initialize-arg");
+	assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
+
+	p11_virtual_unwrap (module);
+	assert_num_eq (true, test_destroyed);
+}
+
+static void
+test_fall_through (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	Override over = { };
+	p11_virtual base;
+	CK_RV rv;
+
+	p11_virtual_init (&base, &p11_virtual_base, &mock_module_no_slots, NULL);
+	p11_virtual_init (&over.virt, &p11_virtual_stack, &base, NULL);
+	over.virt.funcs.C_Initialize = override_initialize;
+	over.check = "overide-arg";
+
+	module = p11_virtual_wrap (&over.virt, NULL);
+	assert_ptr_not_null (module);
+
+	rv = (module->C_Initialize) ("initialize-arg");
+	assert_num_eq (CKR_NEED_TO_CREATE_THREADS, rv);
+
+	/* All other functiosn should have just fallen through */
+	assert_ptr_eq (mock_module_no_slots.C_Finalize, module->C_Finalize);
+
+	p11_virtual_unwrap (module);
+}
+
+static void
+test_get_function_list (void)
+{
+	CK_FUNCTION_LIST_PTR module;
+	CK_FUNCTION_LIST_PTR list;
+	p11_virtual virt;
+	CK_RV rv;
+
+	p11_virtual_init (&virt, &p11_virtual_base, &mock_x_module_no_slots, NULL);
+	module = p11_virtual_wrap (&virt, NULL);
+	assert_ptr_not_null (module);
+
+	rv = (module->C_GetFunctionList) (&list);
+	assert_num_eq (CKR_OK, rv);
+	assert_ptr_eq (module, list);
+
+	rv = (module->C_GetFunctionList) (&list);
+	assert_num_eq (CKR_OK, rv);
+
+	rv = (module->C_GetFunctionList) (NULL);
+	assert_num_eq (CKR_ARGUMENTS_BAD, rv);
+
+	p11_virtual_unwrap (module);
+}
+
+int
+main (int argc,
+      char *argv[])
+{
+	mock_module_init ();
+	p11_library_init ();
+
+	assert (p11_virtual_can_wrap ());
+	p11_test (test_initialize, "/virtual/test_initialize");
+	p11_test (test_fall_through, "/virtual/test_fall_through");
+	p11_test (test_get_function_list, "/virtual/test_get_function_list");
+
+	return p11_test_run (argc, argv);
+}
diff --git a/p11-kit/util.c b/p11-kit/util.c
index c4e5636..14c24f6 100644
--- a/p11-kit/util.c
+++ b/p11-kit/util.c
@@ -44,6 +44,7 @@
 #include "message.h"
 #include "p11-kit.h"
 #include "private.h"
+#include "proxy.h"
 
 #include 
 #include 
@@ -258,6 +259,7 @@ __attribute__((destructor))
 void
 _p11_kit_fini (void)
 {
+	p11_proxy_module_cleanup ();
 	p11_library_uninit ();
 }
 
@@ -280,6 +282,7 @@ DllMain (HINSTANCE instance,
 		p11_library_thread_cleanup ();
 		break;
 	case DLL_PROCESS_DETACH:
+		p11_proxy_module_cleanup ();
 		p11_library_uninit ();
 		break;
 	default:
diff --git a/p11-kit/virtual.c b/p11-kit/virtual.c
new file mode 100644
index 0000000..104ece0
--- /dev/null
+++ b/p11-kit/virtual.c
@@ -0,0 +1,2964 @@
+/*
+ * Copyright (C) 2008 Stefan Walter
+ * Copyright (C) 2012 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#include "config.h"
+
+#include "compat.h"
+#define P11_DEBUG_FLAG P11_DEBUG_LIB
+#include "debug.h"
+#include "library.h"
+#include "virtual.h"
+
+#include 
+#include 
+#include 
+#include 
+
+#ifdef WITH_FFI
+
+/*
+ * We use libffi to build closures. Note that even with libffi certain
+ * platforms do not support using ffi_closure. In this case FFI_CLOSURES will
+ * not be defined. This is checked in configure.ac
+ */
+
+#include "ffi.h"
+#ifndef FFI_CLOSURES
+#error "FFI_CLOSURES should be checked in configure.ac"
+#endif
+
+/* There are 66 functions in PKCS#11, with a maximum of 8 args */
+#define MAX_FUNCTIONS 66
+#define MAX_ARGS 10
+
+typedef struct {
+	/* This is first so we can cast between CK_FUNCTION_LIST* and Context* */
+	CK_FUNCTION_LIST bound;
+
+	/* The PKCS#11 functions to call into */
+	p11_virtual *virt;
+	p11_destroyer destroyer;
+
+	/* A list of our libffi built closures, for cleanup later */
+	ffi_closure *ffi_closures[MAX_FUNCTIONS];
+	ffi_cif ffi_cifs[MAX_FUNCTIONS];
+	int ffi_used;
+} Wrapper;
+
+static CK_RV
+short_C_GetFunctionStatus (CK_SESSION_HANDLE handle)
+{
+	return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+static CK_RV
+short_C_CancelFunction (CK_SESSION_HANDLE handle)
+{
+	return CKR_FUNCTION_NOT_PARALLEL;
+}
+
+static void
+binding_C_GetFunctionList (ffi_cif *cif,
+                           CK_RV *ret,
+                           void* args[],
+                           Wrapper *wrapper)
+{
+	CK_FUNCTION_LIST_PTR_PTR list = *(CK_FUNCTION_LIST_PTR_PTR *)args[0];
+
+	if (list == NULL) {
+		*ret = CKR_ARGUMENTS_BAD;
+	} else {
+		*list = &wrapper->bound;
+		*ret = CKR_OK;
+	}
+}
+
+static void
+binding_C_Initialize (ffi_cif *cif,
+                      CK_RV *ret,
+                      void* args[],
+                      CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Initialize (funcs,
+	                            *(CK_VOID_PTR *)args[0]);
+}
+
+static void
+binding_C_Finalize (ffi_cif *cif,
+                    CK_RV *ret,
+                    void* args[],
+                    CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Finalize (funcs,
+	                          *(CK_VOID_PTR *)args[0]);
+}
+
+static void
+binding_C_GetInfo (ffi_cif *cif,
+                   CK_RV *ret,
+                   void* args[],
+                   CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetInfo (funcs,
+	                         *(CK_INFO_PTR *)args[0]);
+}
+
+static void
+binding_C_GetSlotList (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetSlotList (funcs,
+	                             *(CK_BBOOL *)args[0],
+	                             *(CK_SLOT_ID_PTR *)args[1],
+	                             *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_GetSlotInfo (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetSlotInfo (funcs,
+	                             *(CK_SLOT_ID *)args[0],
+	                             *(CK_SLOT_INFO_PTR *)args[1]);
+}
+
+static void
+binding_C_GetTokenInfo (ffi_cif *cif,
+                        CK_RV *ret,
+                        void* args[],
+                        CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetTokenInfo (funcs,
+	                              *(CK_SLOT_ID *)args[0],
+	                              *(CK_TOKEN_INFO_PTR *)args[1]);
+}
+
+static void
+binding_C_WaitForSlotEvent (ffi_cif *cif,
+                            CK_RV *ret,
+                            void* args[],
+                            CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_WaitForSlotEvent (funcs,
+	                                  *(CK_FLAGS *)args[0],
+	                                  *(CK_SLOT_ID_PTR *)args[1],
+	                                  *(CK_VOID_PTR *)args[2]);
+}
+
+static void
+binding_C_GetMechanismList (ffi_cif *cif,
+                            CK_RV *ret,
+                            void* args[],
+                            CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetMechanismList (funcs,
+	                                  *(CK_SLOT_ID *)args[0],
+	                                  *(CK_MECHANISM_TYPE_PTR *)args[1],
+	                                  *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_GetMechanismInfo (ffi_cif *cif,
+                            CK_RV *ret,
+                            void* args[],
+                            CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetMechanismInfo (funcs,
+	                                  *(CK_SLOT_ID *)args[0],
+	                                  *(CK_MECHANISM_TYPE *)args[1],
+	                                  *(CK_MECHANISM_INFO_PTR *)args[2]);
+}
+
+static void
+binding_C_InitToken (ffi_cif *cif,
+                     CK_RV *ret,
+                     void* args[],
+                     CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_InitToken (funcs,
+	                           *(CK_SLOT_ID *)args[0],
+	                           *(CK_BYTE_PTR *)args[1],
+	                           *(CK_ULONG *)args[2],
+	                           *(CK_BYTE_PTR *)args[3]);
+}
+
+static void
+binding_C_InitPIN (ffi_cif *cif,
+                   CK_RV *ret,
+                   void* args[],
+                   CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_InitPIN (funcs,
+	                         *(CK_SESSION_HANDLE *)args[0],
+	                         *(CK_BYTE_PTR *)args[1],
+	                         *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_SetPIN (ffi_cif *cif,
+                  CK_RV *ret,
+                  void* args[],
+                  CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SetPIN (funcs,
+	                        *(CK_SESSION_HANDLE *)args[0],
+	                        *(CK_BYTE_PTR *)args[1],
+	                        *(CK_ULONG *)args[2],
+	                        *(CK_BYTE_PTR *)args[3],
+	                        *(CK_ULONG *)args[4]);
+}
+
+static void
+binding_C_OpenSession (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_OpenSession (funcs,
+	                             *(CK_SLOT_ID *)args[0],
+	                             *(CK_FLAGS *)args[1],
+	                             *(CK_VOID_PTR *)args[2],
+	                             *(CK_NOTIFY *)args[3],
+	                             *(CK_SESSION_HANDLE_PTR *)args[4]);
+}
+
+static void
+binding_C_CloseSession (ffi_cif *cif,
+                        CK_RV *ret,
+                        void* args[],
+                        CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_CloseSession (funcs,
+	                              *(CK_SESSION_HANDLE *)args[0]);
+}
+
+static void
+binding_C_CloseAllSessions (ffi_cif *cif,
+                            CK_RV *ret,
+                            void* args[],
+                            CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_CloseAllSessions (funcs,
+	                                  *(CK_SLOT_ID *)args[0]);
+}
+
+static void
+binding_C_GetSessionInfo (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetSessionInfo (funcs,
+	                                *(CK_SESSION_HANDLE *)args[0],
+	                                *(CK_SESSION_INFO_PTR *)args[1]);
+}
+
+static void
+binding_C_GetOperationState (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetOperationState (funcs,
+	                                   *(CK_SESSION_HANDLE *)args[0],
+	                                   *(CK_BYTE_PTR *)args[1],
+	                                   *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_SetOperationState (ffi_cif *cif,
+                             CK_RV *ret,
+                             void* args[],
+                             CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SetOperationState (funcs,
+	                                   *(CK_SESSION_HANDLE *)args[0],
+	                                   *(CK_BYTE_PTR *)args[1],
+	                                   *(CK_ULONG *)args[2],
+	                                   *(CK_OBJECT_HANDLE *)args[3],
+	                                   *(CK_OBJECT_HANDLE *)args[4]);
+}
+
+static void
+binding_C_Login (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Login (funcs,
+	                       *(CK_SESSION_HANDLE *)args[0],
+	                       *(CK_USER_TYPE *)args[1],
+	                       *(CK_BYTE_PTR *)args[2],
+	                       *(CK_ULONG *)args[3]);
+}
+
+static void
+binding_C_Logout (ffi_cif *cif,
+                  CK_RV *ret,
+                  void* args[],
+                  CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Logout (funcs,
+	                        *(CK_SESSION_HANDLE *)args[0]);
+}
+
+static void
+binding_C_CreateObject (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_CreateObject (funcs,
+	                              *(CK_SESSION_HANDLE *)args[0],
+	                              *(CK_ATTRIBUTE_PTR *)args[1],
+	                              *(CK_ULONG *)args[2],
+	                              *(CK_OBJECT_HANDLE_PTR *)args[3]);
+}
+
+static void
+binding_C_CopyObject (ffi_cif *cif,
+                      CK_RV *ret,
+                      void* args[],
+                      CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_CopyObject (funcs,
+	                            *(CK_SESSION_HANDLE *)args[0],
+	                            *(CK_OBJECT_HANDLE *)args[1],
+	                            *(CK_ATTRIBUTE_PTR *)args[2],
+	                            *(CK_ULONG *)args[3],
+	                            *(CK_OBJECT_HANDLE_PTR *)args[4]);
+}
+
+static void
+binding_C_DestroyObject (ffi_cif *cif,
+                         CK_RV *ret,
+                         void* args[],
+                         CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DestroyObject (funcs,
+	                               *(CK_SESSION_HANDLE *)args[0],
+	                               *(CK_OBJECT_HANDLE *)args[1]);
+}
+
+static void
+binding_C_GetObjectSize (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetObjectSize (funcs,
+	                               *(CK_SESSION_HANDLE *)args[0],
+	                               *(CK_OBJECT_HANDLE *)args[1],
+	                               *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_GetAttributeValue (ffi_cif *cif,
+                             CK_RV *ret,
+                             void* args[],
+                             CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GetAttributeValue (funcs,
+	                                   *(CK_SESSION_HANDLE *)args[0],
+	                                   *(CK_OBJECT_HANDLE *)args[1],
+	                                   *(CK_ATTRIBUTE_PTR *)args[2],
+	                                   *(CK_ULONG *)args[3]);
+}
+
+static void
+binding_C_SetAttributeValue (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SetAttributeValue (funcs,
+	                                   *(CK_SESSION_HANDLE *)args[0],
+	                                   *(CK_OBJECT_HANDLE *)args[1],
+	                                   *(CK_ATTRIBUTE_PTR *)args[2],
+	                                   *(CK_ULONG *)args[3]);
+}
+
+static void
+binding_C_FindObjectsInit (ffi_cif *cif,
+                           CK_RV *ret,
+                           void* args[],
+                           CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_FindObjectsInit (funcs,
+	                                 *(CK_SESSION_HANDLE *)args[0],
+	                                 *(CK_ATTRIBUTE_PTR *)args[1],
+	                                 *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_FindObjects (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_FindObjects (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_OBJECT_HANDLE_PTR *)args[1],
+	                             *(CK_ULONG *)args[2],
+	                             *(CK_ULONG_PTR *)args[3]);
+}
+
+static void
+binding_C_FindObjectsFinal (ffi_cif *cif,
+                            CK_RV *ret,
+                            void* args[],
+                            CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_FindObjectsFinal (funcs,
+	                                  *(CK_SESSION_HANDLE *)args[0]);
+}
+
+static void
+binding_C_EncryptInit (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_EncryptInit (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_MECHANISM_PTR *)args[1],
+	                             *(CK_OBJECT_HANDLE *)args[2]);
+}
+
+static void
+binding_C_Encrypt (ffi_cif *cif,
+                   CK_RV *ret,
+                   void* args[],
+                   CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Encrypt (funcs,
+	                         *(CK_SESSION_HANDLE *)args[0],
+	                         *(CK_BYTE_PTR *)args[1],
+	                         *(CK_ULONG *)args[2],
+	                         *(CK_BYTE_PTR *)args[3],
+	                         *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_EncryptUpdate (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_EncryptUpdate (funcs,
+	                               *(CK_SESSION_HANDLE *)args[0],
+	                               *(CK_BYTE_PTR *)args[1],
+	                               *(CK_ULONG *)args[2],
+	                               *(CK_BYTE_PTR *)args[3],
+	                               *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_EncryptFinal (ffi_cif *cif,
+                        CK_RV *ret,
+                        void* args[],
+                        CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_EncryptFinal (funcs,
+	                              *(CK_SESSION_HANDLE *)args[0],
+	                              *(CK_BYTE_PTR *)args[1],
+	                              *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_DecryptInit (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DecryptInit (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_MECHANISM_PTR *)args[1],
+	                             *(CK_OBJECT_HANDLE *)args[2]);
+}
+
+static void
+binding_C_Decrypt (ffi_cif *cif,
+                   CK_RV *ret,
+                   void* args[],
+                   CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Decrypt (funcs,
+	                         *(CK_SESSION_HANDLE *)args[0],
+	                         *(CK_BYTE_PTR *)args[1],
+	                         *(CK_ULONG *)args[2],
+	                         *(CK_BYTE_PTR *)args[3],
+	                         *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_DecryptUpdate (ffi_cif *cif,
+                         CK_RV *ret,
+                         void* args[],
+                         CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DecryptUpdate (funcs,
+	                               *(CK_SESSION_HANDLE *)args[0],
+	                               *(CK_BYTE_PTR *)args[1],
+	                               *(CK_ULONG *)args[2],
+	                               *(CK_BYTE_PTR *)args[3],
+	                               *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_DecryptFinal (ffi_cif *cif,
+                        CK_RV *ret,
+                        void* args[],
+                        CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DecryptFinal (funcs,
+	                              *(CK_SESSION_HANDLE *)args[0],
+	                              *(CK_BYTE_PTR *)args[1],
+	                              *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_DigestInit (ffi_cif *cif,
+                      CK_RV *ret,
+                      void* args[],
+                      CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DigestInit (funcs,
+	                            *(CK_SESSION_HANDLE *)args[0],
+	                            *(CK_MECHANISM_PTR *)args[1]);
+}
+
+static void
+binding_C_Digest (ffi_cif *cif,
+                  CK_RV *ret,
+                  void* args[],
+                  CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Digest (funcs,
+	                        *(CK_SESSION_HANDLE *)args[0],
+	                        *(CK_BYTE_PTR *)args[1],
+	                        *(CK_ULONG *)args[2],
+	                        *(CK_BYTE_PTR *)args[3],
+	                        *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_DigestUpdate (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DigestUpdate (funcs,
+	                              *(CK_SESSION_HANDLE *)args[0],
+	                              *(CK_BYTE_PTR *)args[1],
+	                              *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_DigestKey (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DigestKey (funcs,
+	                           *(CK_SESSION_HANDLE *)args[0],
+	                           *(CK_OBJECT_HANDLE *)args[1]);
+}
+
+static void
+binding_C_DigestFinal (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DigestFinal (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_BYTE_PTR *)args[1],
+	                             *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_SignInit (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SignInit (funcs,
+	                          *(CK_SESSION_HANDLE *)args[0],
+	                          *(CK_MECHANISM_PTR *)args[1],
+	                          *(CK_OBJECT_HANDLE *)args[2]);
+}
+
+static void
+binding_C_Sign (ffi_cif *cif,
+                CK_RV *ret,
+                void* args[],
+                CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Sign (funcs,
+	                      *(CK_SESSION_HANDLE *)args[0],
+	                      *(CK_BYTE_PTR *)args[1],
+	                      *(CK_ULONG *)args[2],
+	                      *(CK_BYTE_PTR *)args[3],
+	                      *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_SignUpdate (ffi_cif *cif,
+                      CK_RV *ret,
+                      void* args[],
+                      CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SignUpdate (funcs,
+	                            *(CK_SESSION_HANDLE *)args[0],
+	                            *(CK_BYTE_PTR *)args[1],
+	                            *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_SignFinal (ffi_cif *cif,
+                     CK_RV *ret,
+                     void* args[],
+                     CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SignFinal (funcs,
+	                           *(CK_SESSION_HANDLE *)args[0],
+	                           *(CK_BYTE_PTR *)args[1],
+	                           *(CK_ULONG_PTR *)args[2]);
+}
+
+static void
+binding_C_SignRecoverInit (ffi_cif *cif,
+                           CK_RV *ret,
+                           void* args[],
+                           CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SignRecoverInit (funcs,
+	                                 *(CK_SESSION_HANDLE *)args[0],
+	                                 *(CK_MECHANISM_PTR *)args[1],
+	                                 *(CK_OBJECT_HANDLE *)args[2]);
+}
+
+static void
+binding_C_SignRecover (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SignRecover (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_BYTE_PTR *)args[1],
+	                             *(CK_ULONG *)args[2],
+	                             *(CK_BYTE_PTR *)args[3],
+	                             *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_VerifyInit (ffi_cif *cif,
+                      CK_RV *ret,
+                      void* args[],
+                      CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_VerifyInit (funcs,
+	                            *(CK_SESSION_HANDLE *)args[0],
+	                            *(CK_MECHANISM_PTR *)args[1],
+	                            *(CK_OBJECT_HANDLE *)args[2]);
+}
+
+static void
+binding_C_Verify (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_Verify (funcs,
+	                        *(CK_SESSION_HANDLE *)args[0],
+	                        *(CK_BYTE_PTR *)args[1],
+	                        *(CK_ULONG *)args[2],
+	                        *(CK_BYTE_PTR *)args[3],
+	                        *(CK_ULONG *)args[4]);
+}
+
+static void
+binding_C_VerifyUpdate (ffi_cif *cif,
+                        CK_RV *ret,
+                        void* args[],
+                        CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_VerifyUpdate (funcs,
+	                              *(CK_SESSION_HANDLE *)args[0],
+	                              *(CK_BYTE_PTR *)args[1],
+	                              *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_VerifyFinal (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_VerifyFinal (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_BYTE_PTR *)args[1],
+	                             *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_VerifyRecoverInit (ffi_cif *cif,
+                             CK_RV *ret,
+                             void* args[],
+                             CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_VerifyRecoverInit (funcs,
+	                                   *(CK_SESSION_HANDLE *)args[0],
+	                                   *(CK_MECHANISM_PTR *)args[1],
+	                                   *(CK_OBJECT_HANDLE *)args[2]);
+}
+
+static void
+binding_C_VerifyRecover (ffi_cif *cif,
+                         CK_RV *ret,
+                         void* args[],
+                         CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_VerifyRecover (funcs,
+	                               *(CK_SESSION_HANDLE *)args[0],
+	                               *(CK_BYTE_PTR *)args[1],
+	                               *(CK_ULONG *)args[2],
+	                               *(CK_BYTE_PTR *)args[3],
+	                               *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_DigestEncryptUpdate (ffi_cif *cif,
+                               CK_RV *ret,
+                               void* args[],
+                               CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DigestEncryptUpdate (funcs,
+	                                     *(CK_SESSION_HANDLE *)args[0],
+	                                     *(CK_BYTE_PTR *)args[1],
+	                                     *(CK_ULONG *)args[2],
+	                                     *(CK_BYTE_PTR *)args[3],
+	                                     *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_DecryptDigestUpdate (ffi_cif *cif,
+                               CK_RV *ret,
+                               void* args[],
+                               CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DecryptDigestUpdate (funcs,
+	                                     *(CK_SESSION_HANDLE *)args[0],
+	                                     *(CK_BYTE_PTR *)args[1],
+	                                     *(CK_ULONG *)args[2],
+	                                     *(CK_BYTE_PTR *)args[3],
+	                                     *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_SignEncryptUpdate (ffi_cif *cif,
+                             CK_RV *ret,
+                             void* args[],
+                             CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SignEncryptUpdate (funcs,
+	                                   *(CK_SESSION_HANDLE *)args[0],
+	                                   *(CK_BYTE_PTR *)args[1],
+	                                   *(CK_ULONG *)args[2],
+	                                   *(CK_BYTE_PTR *)args[3],
+	                                   *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_DecryptVerifyUpdate (ffi_cif *cif,
+                               CK_RV *ret,
+                               void* args[],
+                               CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DecryptVerifyUpdate (funcs,
+	                                     *(CK_SESSION_HANDLE *)args[0],
+	                                     *(CK_BYTE_PTR *)args[1],
+	                                     *(CK_ULONG *)args[2],
+	                                     *(CK_BYTE_PTR *)args[3],
+	                                     *(CK_ULONG_PTR *)args[4]);
+}
+
+static void
+binding_C_GenerateKey (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GenerateKey (funcs,
+	                             *(CK_SESSION_HANDLE *)args[0],
+	                             *(CK_MECHANISM_PTR *)args[1],
+	                             *(CK_ATTRIBUTE_PTR *)args[2],
+	                             *(CK_ULONG *)args[3],
+	                             *(CK_OBJECT_HANDLE_PTR *)args[4]);
+}
+
+static void
+binding_C_GenerateKeyPair (ffi_cif *cif,
+                           CK_RV *ret,
+                           void* args[],
+                           CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GenerateKeyPair (funcs,
+	                                 *(CK_SESSION_HANDLE *)args[0],
+	                                 *(CK_MECHANISM_PTR *)args[1],
+	                                 *(CK_ATTRIBUTE_PTR *)args[2],
+	                                 *(CK_ULONG *)args[3],
+	                                 *(CK_ATTRIBUTE_PTR *)args[4],
+	                                 *(CK_ULONG *)args[5],
+	                                 *(CK_OBJECT_HANDLE_PTR *)args[6],
+	                                 *(CK_OBJECT_HANDLE_PTR *)args[7]);
+}
+
+static void
+binding_C_WrapKey (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_WrapKey (funcs,
+	                         *(CK_SESSION_HANDLE *)args[0],
+	                         *(CK_MECHANISM_PTR *)args[1],
+	                         *(CK_OBJECT_HANDLE *)args[2],
+	                         *(CK_OBJECT_HANDLE *)args[3],
+	                         *(CK_BYTE_PTR *)args[4],
+	                         *(CK_ULONG_PTR *)args[5]);
+}
+
+static void
+binding_C_UnwrapKey (ffi_cif *cif,
+                     CK_RV *ret,
+                     void* args[],
+                     CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_UnwrapKey (funcs,
+	                           *(CK_SESSION_HANDLE *)args[0],
+	                           *(CK_MECHANISM_PTR *)args[1],
+	                           *(CK_OBJECT_HANDLE *)args[2],
+	                           *(CK_BYTE_PTR *)args[3],
+	                           *(CK_ULONG *)args[4],
+	                           *(CK_ATTRIBUTE_PTR *)args[5],
+	                           *(CK_ULONG *)args[6],
+	                           *(CK_OBJECT_HANDLE_PTR *)args[7]);
+}
+
+static void
+binding_C_DeriveKey (ffi_cif *cif,
+                     CK_RV *ret,
+                     void* args[],
+                     CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_DeriveKey (funcs,
+	                           *(CK_SESSION_HANDLE *)args[0],
+	                           *(CK_MECHANISM_PTR *)args[1],
+	                           *(CK_OBJECT_HANDLE *)args[2],
+	                           *(CK_ATTRIBUTE_PTR *)args[3],
+	                           *(CK_ULONG *)args[4],
+	                           *(CK_OBJECT_HANDLE_PTR *)args[5]);
+}
+
+static void
+binding_C_SeedRandom (ffi_cif *cif,
+                       CK_RV *ret,
+                       void* args[],
+                       CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_SeedRandom (funcs,
+	                            *(CK_SESSION_HANDLE *)args[0],
+	                            *(CK_BYTE_PTR *)args[1],
+	                            *(CK_ULONG *)args[2]);
+}
+
+static void
+binding_C_GenerateRandom (ffi_cif *cif,
+                          CK_RV *ret,
+                          void* args[],
+                          CK_X_FUNCTION_LIST *funcs)
+{
+	*ret = funcs->C_GenerateRandom (funcs,
+	                                *(CK_SESSION_HANDLE *)args[0],
+	                                *(CK_BYTE_PTR *)args[1],
+	                                *(CK_ULONG *)args[2]);
+}
+
+#endif /* WITH_FFI */
+
+static CK_RV
+stack_C_Initialize (CK_X_FUNCTION_LIST *self,
+                    CK_VOID_PTR init_args)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Initialize (funcs, init_args);
+}
+
+static CK_RV
+stack_C_Finalize (CK_X_FUNCTION_LIST *self,
+                  CK_VOID_PTR reserved)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Finalize (funcs, reserved);
+}
+
+static CK_RV
+stack_C_GetInfo (CK_X_FUNCTION_LIST *self,
+                 CK_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetInfo (funcs, info);
+}
+
+static CK_RV
+stack_C_GetSlotList (CK_X_FUNCTION_LIST *self,
+                     CK_BBOOL token_present,
+                     CK_SLOT_ID_PTR slot_list,
+                     CK_ULONG_PTR count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetSlotList (funcs, token_present, slot_list, count);
+}
+
+static CK_RV
+stack_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
+                     CK_SLOT_ID slot_id,
+                     CK_SLOT_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetSlotInfo (funcs, slot_id, info);
+}
+
+static CK_RV
+stack_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
+                      CK_SLOT_ID slot_id,
+                      CK_TOKEN_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetTokenInfo (funcs, slot_id, info);
+}
+
+static CK_RV
+stack_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
+                          CK_SLOT_ID slot_id,
+                          CK_MECHANISM_TYPE_PTR mechanism_list,
+                          CK_ULONG_PTR count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetMechanismList (funcs, slot_id, mechanism_list, count);
+}
+
+static CK_RV
+stack_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
+                          CK_SLOT_ID slot_id,
+                          CK_MECHANISM_TYPE type,
+                          CK_MECHANISM_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetMechanismInfo (funcs, slot_id, type, info);
+}
+
+static CK_RV
+stack_C_InitToken (CK_X_FUNCTION_LIST *self,
+                   CK_SLOT_ID slot_id,
+                   CK_UTF8CHAR_PTR pin,
+                   CK_ULONG pin_len,
+                   CK_UTF8CHAR_PTR label)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_InitToken (funcs, slot_id, pin, pin_len, label);
+}
+
+static CK_RV
+stack_C_OpenSession (CK_X_FUNCTION_LIST *self,
+                     CK_SLOT_ID slot_id,
+                     CK_FLAGS flags,
+                     CK_VOID_PTR application,
+                     CK_NOTIFY notify,
+                     CK_SESSION_HANDLE_PTR session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_OpenSession (funcs, slot_id, flags, application, notify, session);
+}
+
+static CK_RV
+stack_C_CloseSession (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CloseSession (funcs, session);
+}
+
+static CK_RV
+stack_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+                          CK_SLOT_ID slot_id)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CloseAllSessions (funcs, slot_id);
+}
+
+static CK_RV
+stack_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE session,
+                        CK_SESSION_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetSessionInfo (funcs, session, info);
+}
+
+static CK_RV
+stack_C_InitPIN (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE session,
+                 CK_UTF8CHAR_PTR pin,
+                 CK_ULONG pin_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_InitPIN (funcs, session, pin, pin_len);
+}
+
+static CK_RV
+stack_C_SetPIN (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_UTF8CHAR_PTR old_pin,
+                CK_ULONG old_len,
+                CK_UTF8CHAR_PTR new_pin,
+                CK_ULONG new_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SetPIN (funcs, session, old_pin, old_len, new_pin, new_len);
+}
+
+static CK_RV
+stack_C_GetOperationState (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE session,
+                           CK_BYTE_PTR operation_state,
+                           CK_ULONG_PTR operation_state_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetOperationState (funcs, session, operation_state, operation_state_len);
+}
+
+static CK_RV
+stack_C_SetOperationState (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE session,
+                           CK_BYTE_PTR operation_state,
+                           CK_ULONG operation_state_len,
+                           CK_OBJECT_HANDLE encryption_key,
+                           CK_OBJECT_HANDLE authentication_key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SetOperationState (funcs, session, operation_state, operation_state_len,
+	                                   encryption_key, authentication_key);
+}
+
+static CK_RV
+stack_C_Login (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE session,
+               CK_USER_TYPE user_type,
+               CK_UTF8CHAR_PTR pin,
+               CK_ULONG pin_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Login (funcs, session, user_type, pin, pin_len);
+}
+
+static CK_RV
+stack_C_Logout (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Logout (funcs, session);
+}
+
+static CK_RV
+stack_C_CreateObject (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_ATTRIBUTE_PTR template,
+                      CK_ULONG count,
+                      CK_OBJECT_HANDLE_PTR object)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CreateObject (funcs, session, template, count, object);
+}
+
+static CK_RV
+stack_C_CopyObject (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_OBJECT_HANDLE object,
+                    CK_ATTRIBUTE_PTR template,
+                    CK_ULONG count,
+                    CK_OBJECT_HANDLE_PTR new_object)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CopyObject (funcs, session, object, template, count, new_object);
+}
+
+
+static CK_RV
+stack_C_DestroyObject (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_OBJECT_HANDLE object)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DestroyObject (funcs, session, object);
+}
+
+static CK_RV
+stack_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_OBJECT_HANDLE object,
+                       CK_ULONG_PTR size)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetObjectSize (funcs, session, object, size);
+}
+
+static CK_RV
+stack_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE session,
+                           CK_OBJECT_HANDLE object,
+                           CK_ATTRIBUTE_PTR template,
+                           CK_ULONG count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetAttributeValue (funcs, session, object, template, count);
+}
+
+static CK_RV
+stack_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE session,
+                           CK_OBJECT_HANDLE object,
+                           CK_ATTRIBUTE_PTR template,
+                           CK_ULONG count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SetAttributeValue (funcs, session, object, template, count);
+}
+
+static CK_RV
+stack_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE session,
+                         CK_ATTRIBUTE_PTR template,
+                         CK_ULONG count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_FindObjectsInit (funcs, session, template, count);
+}
+
+static CK_RV
+stack_C_FindObjects (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_OBJECT_HANDLE_PTR object,
+                       CK_ULONG max_object_count,
+                       CK_ULONG_PTR object_count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_FindObjects (funcs, session, object, max_object_count, object_count);
+}
+
+static CK_RV
+stack_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
+                            CK_SESSION_HANDLE session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_FindObjectsFinal (funcs, session);
+}
+
+static CK_RV
+stack_C_EncryptInit (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_MECHANISM_PTR mechanism,
+                       CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_EncryptInit (funcs, session, mechanism, key);
+}
+
+static CK_RV
+stack_C_Encrypt (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_BYTE_PTR input,
+                   CK_ULONG input_len,
+                   CK_BYTE_PTR encrypted_data,
+                   CK_ULONG_PTR encrypted_data_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Encrypt (funcs, session, input, input_len,
+	                         encrypted_data, encrypted_data_len);
+}
+
+static CK_RV
+stack_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_BYTE_PTR part,
+                       CK_ULONG part_len,
+                       CK_BYTE_PTR encrypted_part,
+                       CK_ULONG_PTR encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_EncryptUpdate (funcs, session, part, part_len,
+	                               encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+stack_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR last_encrypted_part,
+                      CK_ULONG_PTR last_encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_EncryptFinal (funcs, session, last_encrypted_part,
+	                              last_encrypted_part_len);
+}
+
+static CK_RV
+stack_C_DecryptInit (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_MECHANISM_PTR mechanism,
+                     CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptInit (funcs, session, mechanism, key);
+}
+
+static CK_RV
+stack_C_Decrypt (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE session,
+                 CK_BYTE_PTR encrypted_data,
+                 CK_ULONG encrypted_data_len,
+                 CK_BYTE_PTR output,
+                 CK_ULONG_PTR output_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Decrypt (funcs, session, encrypted_data, encrypted_data_len,
+	                         output, output_len);
+}
+
+static CK_RV
+stack_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_BYTE_PTR encrypted_part,
+                       CK_ULONG encrypted_part_len,
+                       CK_BYTE_PTR part,
+                       CK_ULONG_PTR part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptUpdate (funcs, session, encrypted_part, encrypted_part_len,
+	                               part, part_len);
+}
+
+static CK_RV
+stack_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR last_part,
+                      CK_ULONG_PTR last_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptFinal (funcs, session, last_part, last_part_len);
+}
+
+static CK_RV
+stack_C_DigestInit (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_MECHANISM_PTR mechanism)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestInit (funcs, session, mechanism);
+}
+
+static CK_RV
+stack_C_Digest (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_BYTE_PTR input,
+                CK_ULONG input_len,
+                CK_BYTE_PTR digest,
+                CK_ULONG_PTR digest_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Digest (funcs, session, input, input_len, digest, digest_len);
+}
+
+static CK_RV
+stack_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR part,
+                      CK_ULONG part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestUpdate (funcs, session, part, part_len);
+}
+
+static CK_RV
+stack_C_DigestKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestKey (funcs, session, key);
+}
+
+static CK_RV
+stack_C_DigestFinal (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR digest,
+                     CK_ULONG_PTR digest_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestFinal (funcs, session, digest, digest_len);
+}
+
+static CK_RV
+stack_C_SignInit (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE session,
+                  CK_MECHANISM_PTR mechanism,
+                  CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignInit (funcs, session, mechanism, key);
+}
+
+static CK_RV
+stack_C_Sign (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE session,
+              CK_BYTE_PTR input,
+              CK_ULONG input_len,
+              CK_BYTE_PTR signature,
+              CK_ULONG_PTR signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Sign (funcs, session, input, input_len,
+	                      signature, signature_len);
+}
+
+static CK_RV
+stack_C_SignUpdate (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_BYTE_PTR part,
+                    CK_ULONG part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignUpdate (funcs, session, part, part_len);
+}
+
+static CK_RV
+stack_C_SignFinal (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_BYTE_PTR signature,
+                   CK_ULONG_PTR signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignFinal (funcs, session, signature, signature_len);
+}
+
+static CK_RV
+stack_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE session,
+                         CK_MECHANISM_PTR mechanism,
+                         CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignRecoverInit (funcs, session, mechanism, key);
+}
+
+static CK_RV
+stack_C_SignRecover (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR input,
+                     CK_ULONG input_len,
+                     CK_BYTE_PTR signature,
+                     CK_ULONG_PTR signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignRecover (funcs, session, input, input_len,
+	                             signature, signature_len);
+}
+
+static CK_RV
+stack_C_VerifyInit (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_MECHANISM_PTR mechanism,
+                    CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyInit (funcs, session, mechanism, key);
+}
+
+static CK_RV
+stack_C_Verify (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_BYTE_PTR input,
+                CK_ULONG input_len,
+                CK_BYTE_PTR signature,
+                CK_ULONG signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Verify (funcs, session, input, input_len,
+	                        signature, signature_len);
+}
+
+static CK_RV
+stack_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR part,
+                      CK_ULONG part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyUpdate (funcs, session, part, part_len);
+}
+
+static CK_RV
+stack_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR signature,
+                     CK_ULONG signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyFinal (funcs, session, signature, signature_len);
+}
+
+static CK_RV
+stack_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE session,
+                           CK_MECHANISM_PTR mechanism,
+                           CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyRecoverInit (funcs, session, mechanism, key);
+}
+
+static CK_RV
+stack_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_BYTE_PTR signature,
+                       CK_ULONG signature_len,
+                       CK_BYTE_PTR input,
+                       CK_ULONG_PTR input_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyRecover (funcs, session, signature, signature_len,
+	                               input, input_len);
+}
+
+static CK_RV
+stack_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                             CK_SESSION_HANDLE session,
+                             CK_BYTE_PTR part,
+                             CK_ULONG part_len,
+                             CK_BYTE_PTR encrypted_part,
+                             CK_ULONG_PTR encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestEncryptUpdate (funcs, session, part, part_len,
+	                                     encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+stack_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
+                             CK_SESSION_HANDLE session,
+                             CK_BYTE_PTR encrypted_part,
+                             CK_ULONG encrypted_part_len,
+                             CK_BYTE_PTR part,
+                             CK_ULONG_PTR part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptDigestUpdate (funcs, session, encrypted_part, encrypted_part_len,
+	                                          part, part_len);
+}
+
+static CK_RV
+stack_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                           CK_SESSION_HANDLE session,
+                           CK_BYTE_PTR part,
+                           CK_ULONG part_len,
+                           CK_BYTE_PTR encrypted_part,
+                           CK_ULONG_PTR encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignEncryptUpdate (funcs, session, part, part_len,
+	                                   encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+stack_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
+                             CK_SESSION_HANDLE session,
+                             CK_BYTE_PTR encrypted_part,
+                             CK_ULONG encrypted_part_len,
+                             CK_BYTE_PTR part,
+                             CK_ULONG_PTR part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptVerifyUpdate (funcs, session, encrypted_part, encrypted_part_len,
+	                                     part, part_len);
+}
+
+static CK_RV
+stack_C_GenerateKey (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_MECHANISM_PTR mechanism,
+                     CK_ATTRIBUTE_PTR template,
+                     CK_ULONG count,
+                     CK_OBJECT_HANDLE_PTR key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GenerateKey (funcs, session, mechanism, template, count, key);
+}
+
+static CK_RV
+stack_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE session,
+                         CK_MECHANISM_PTR mechanism,
+                         CK_ATTRIBUTE_PTR public_key_template,
+                         CK_ULONG public_key_count,
+                         CK_ATTRIBUTE_PTR private_key_template,
+                         CK_ULONG private_key_count,
+                         CK_OBJECT_HANDLE_PTR public_key,
+                         CK_OBJECT_HANDLE_PTR private_key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GenerateKeyPair (funcs, session, mechanism, public_key_template,
+	                                 public_key_count, private_key_template,
+	                                 private_key_count, public_key, private_key);
+}
+
+static CK_RV
+stack_C_WrapKey (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE session,
+                 CK_MECHANISM_PTR mechanism,
+                 CK_OBJECT_HANDLE wrapping_key,
+                 CK_OBJECT_HANDLE key,
+                 CK_BYTE_PTR wrapped_key,
+                 CK_ULONG_PTR wrapped_key_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_WrapKey (funcs, session, mechanism, wrapping_key, key,
+	                         wrapped_key, wrapped_key_len);
+}
+
+static CK_RV
+stack_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_MECHANISM_PTR mechanism,
+                   CK_OBJECT_HANDLE unwrapping_key,
+                   CK_BYTE_PTR wrapped_key,
+                   CK_ULONG wrapped_key_len,
+                   CK_ATTRIBUTE_PTR template,
+                   CK_ULONG count,
+                   CK_OBJECT_HANDLE_PTR key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_UnwrapKey (funcs, session, mechanism, unwrapping_key, wrapped_key,
+	                           wrapped_key_len, template, count, key);
+}
+
+static CK_RV
+stack_C_DeriveKey (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_MECHANISM_PTR mechanism,
+                   CK_OBJECT_HANDLE base_key,
+                   CK_ATTRIBUTE_PTR template,
+                   CK_ULONG count,
+                   CK_OBJECT_HANDLE_PTR key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DeriveKey (funcs, session, mechanism, base_key, template, count, key);
+}
+
+static CK_RV
+stack_C_SeedRandom (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_BYTE_PTR seed,
+                    CK_ULONG seed_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SeedRandom (funcs, session, seed, seed_len);
+}
+
+static CK_RV
+stack_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE session,
+                        CK_BYTE_PTR random_data,
+                        CK_ULONG random_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GenerateRandom (funcs, session, random_data, random_len);
+}
+
+static CK_RV
+stack_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
+                          CK_FLAGS flags,
+                          CK_SLOT_ID_PTR slot_id,
+                          CK_VOID_PTR reserved)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_X_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_WaitForSlotEvent (funcs, flags, slot_id, reserved);
+}
+
+static CK_RV
+base_C_Initialize (CK_X_FUNCTION_LIST *self,
+                   CK_VOID_PTR init_args)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Initialize (init_args);
+}
+
+static CK_RV
+base_C_Finalize (CK_X_FUNCTION_LIST *self,
+                 CK_VOID_PTR reserved)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Finalize (reserved);
+}
+
+static CK_RV
+base_C_GetInfo (CK_X_FUNCTION_LIST *self,
+                CK_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetInfo (info);
+}
+
+static CK_RV
+base_C_GetSlotList (CK_X_FUNCTION_LIST *self,
+                    CK_BBOOL token_present,
+                    CK_SLOT_ID_PTR slot_list,
+                    CK_ULONG_PTR count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetSlotList (token_present, slot_list, count);
+}
+
+static CK_RV
+base_C_GetSlotInfo (CK_X_FUNCTION_LIST *self,
+                    CK_SLOT_ID slot_id,
+                    CK_SLOT_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetSlotInfo (slot_id, info);
+}
+
+static CK_RV
+base_C_GetTokenInfo (CK_X_FUNCTION_LIST *self,
+                     CK_SLOT_ID slot_id,
+                     CK_TOKEN_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetTokenInfo (slot_id, info);
+}
+
+static CK_RV
+base_C_GetMechanismList (CK_X_FUNCTION_LIST *self,
+                         CK_SLOT_ID slot_id,
+                         CK_MECHANISM_TYPE_PTR mechanism_list,
+                         CK_ULONG_PTR count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetMechanismList (slot_id, mechanism_list, count);
+}
+
+static CK_RV
+base_C_GetMechanismInfo (CK_X_FUNCTION_LIST *self,
+                         CK_SLOT_ID slot_id,
+                         CK_MECHANISM_TYPE type,
+                         CK_MECHANISM_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetMechanismInfo (slot_id, type, info);
+}
+
+static CK_RV
+base_C_InitToken (CK_X_FUNCTION_LIST *self,
+                  CK_SLOT_ID slot_id,
+                  CK_UTF8CHAR_PTR pin,
+                  CK_ULONG pin_len,
+                  CK_UTF8CHAR_PTR label)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_InitToken (slot_id, pin, pin_len, label);
+}
+
+static CK_RV
+base_C_OpenSession (CK_X_FUNCTION_LIST *self,
+                    CK_SLOT_ID slot_id,
+                    CK_FLAGS flags,
+                    CK_VOID_PTR application,
+                    CK_NOTIFY notify,
+                    CK_SESSION_HANDLE_PTR session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_OpenSession (slot_id, flags, application, notify, session);
+}
+
+static CK_RV
+base_C_CloseSession (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CloseSession (session);
+}
+
+static CK_RV
+base_C_CloseAllSessions (CK_X_FUNCTION_LIST *self,
+                         CK_SLOT_ID slot_id)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CloseAllSessions (slot_id);
+}
+
+static CK_RV
+base_C_GetSessionInfo (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_SESSION_INFO_PTR info)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetSessionInfo (session, info);
+}
+
+static CK_RV
+base_C_InitPIN (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_UTF8CHAR_PTR pin,
+                CK_ULONG pin_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_InitPIN (session, pin, pin_len);
+}
+
+static CK_RV
+base_C_SetPIN (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE session,
+               CK_UTF8CHAR_PTR old_pin,
+               CK_ULONG old_len,
+               CK_UTF8CHAR_PTR new_pin,
+               CK_ULONG new_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SetPIN (session, old_pin, old_len, new_pin, new_len);
+}
+
+static CK_RV
+base_C_GetOperationState (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE session,
+                          CK_BYTE_PTR operation_state,
+                          CK_ULONG_PTR operation_state_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetOperationState (session, operation_state, operation_state_len);
+}
+
+static CK_RV
+base_C_SetOperationState (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE session,
+                          CK_BYTE_PTR operation_state,
+                          CK_ULONG operation_state_len,
+                          CK_OBJECT_HANDLE encryption_key,
+                          CK_OBJECT_HANDLE authentication_key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SetOperationState (session, operation_state, operation_state_len,
+	                                   encryption_key, authentication_key);
+}
+
+static CK_RV
+base_C_Login (CK_X_FUNCTION_LIST *self,
+              CK_SESSION_HANDLE session,
+              CK_USER_TYPE user_type,
+              CK_UTF8CHAR_PTR pin,
+              CK_ULONG pin_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Login (session, user_type, pin, pin_len);
+}
+
+static CK_RV
+base_C_Logout (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Logout (session);
+}
+
+static CK_RV
+base_C_CreateObject (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_ATTRIBUTE_PTR template,
+                     CK_ULONG count,
+                     CK_OBJECT_HANDLE_PTR object)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CreateObject (session, template, count, object);
+}
+
+static CK_RV
+base_C_CopyObject (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_OBJECT_HANDLE object,
+                   CK_ATTRIBUTE_PTR template,
+                   CK_ULONG count,
+                   CK_OBJECT_HANDLE_PTR new_object)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_CopyObject (session, object, template, count, new_object);
+}
+
+
+static CK_RV
+base_C_DestroyObject (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_OBJECT_HANDLE object)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DestroyObject (session, object);
+}
+
+static CK_RV
+base_C_GetObjectSize (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_OBJECT_HANDLE object,
+                      CK_ULONG_PTR size)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetObjectSize (session, object, size);
+}
+
+static CK_RV
+base_C_GetAttributeValue (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE session,
+                          CK_OBJECT_HANDLE object,
+                          CK_ATTRIBUTE_PTR template,
+                          CK_ULONG count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GetAttributeValue (session, object, template, count);
+}
+
+static CK_RV
+base_C_SetAttributeValue (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE session,
+                          CK_OBJECT_HANDLE object,
+                          CK_ATTRIBUTE_PTR template,
+                          CK_ULONG count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SetAttributeValue (session, object, template, count);
+}
+
+static CK_RV
+base_C_FindObjectsInit (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE session,
+                        CK_ATTRIBUTE_PTR template,
+                        CK_ULONG count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_FindObjectsInit (session, template, count);
+}
+
+static CK_RV
+base_C_FindObjects (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_OBJECT_HANDLE_PTR object,
+                    CK_ULONG max_object_count,
+                    CK_ULONG_PTR object_count)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_FindObjects (session, object, max_object_count, object_count);
+}
+
+static CK_RV
+base_C_FindObjectsFinal (CK_X_FUNCTION_LIST *self,
+                         CK_SESSION_HANDLE session)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_FindObjectsFinal (session);
+}
+
+static CK_RV
+base_C_EncryptInit (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_MECHANISM_PTR mechanism,
+                    CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_EncryptInit (session, mechanism, key);
+}
+
+static CK_RV
+base_C_Encrypt (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_BYTE_PTR input,
+                CK_ULONG input_len,
+                CK_BYTE_PTR encrypted_data,
+                CK_ULONG_PTR encrypted_data_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Encrypt (session, input, input_len,
+	                              encrypted_data, encrypted_data_len);
+}
+
+static CK_RV
+base_C_EncryptUpdate (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR part,
+                      CK_ULONG part_len,
+                      CK_BYTE_PTR encrypted_part,
+                      CK_ULONG_PTR encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_EncryptUpdate (session, part, part_len,
+	                               encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+base_C_EncryptFinal (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR last_encrypted_part,
+                     CK_ULONG_PTR last_encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_EncryptFinal (session, last_encrypted_part,
+	                              last_encrypted_part_len);
+}
+
+static CK_RV
+base_C_DecryptInit (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_MECHANISM_PTR mechanism,
+                    CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptInit (session, mechanism, key);
+}
+
+static CK_RV
+base_C_Decrypt (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_BYTE_PTR encrypted_data,
+                CK_ULONG encrypted_data_len,
+                CK_BYTE_PTR output,
+                CK_ULONG_PTR output_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Decrypt (session, encrypted_data, encrypted_data_len,
+	                         output, output_len);
+}
+
+static CK_RV
+base_C_DecryptUpdate (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR encrypted_part,
+                      CK_ULONG encrypted_part_len,
+                      CK_BYTE_PTR part,
+                      CK_ULONG_PTR part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptUpdate (session, encrypted_part, encrypted_part_len,
+	                               part, part_len);
+}
+
+static CK_RV
+base_C_DecryptFinal (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR last_part,
+                     CK_ULONG_PTR last_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptFinal (session, last_part, last_part_len);
+}
+
+static CK_RV
+base_C_DigestInit (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_MECHANISM_PTR mechanism)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestInit (session, mechanism);
+}
+
+static CK_RV
+base_C_Digest (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE session,
+               CK_BYTE_PTR input,
+               CK_ULONG input_len,
+               CK_BYTE_PTR digest,
+               CK_ULONG_PTR digest_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Digest (session, input, input_len, digest, digest_len);
+}
+
+static CK_RV
+base_C_DigestUpdate (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR part,
+                     CK_ULONG part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestUpdate (session, part, part_len);
+}
+
+static CK_RV
+base_C_DigestKey (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE session,
+                  CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestKey (session, key);
+}
+
+static CK_RV
+base_C_DigestFinal (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_BYTE_PTR digest,
+                    CK_ULONG_PTR digest_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestFinal (session, digest, digest_len);
+}
+
+static CK_RV
+base_C_SignInit (CK_X_FUNCTION_LIST *self,
+                 CK_SESSION_HANDLE session,
+                 CK_MECHANISM_PTR mechanism,
+                 CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignInit (session, mechanism, key);
+}
+
+static CK_RV
+base_C_Sign (CK_X_FUNCTION_LIST *self,
+             CK_SESSION_HANDLE session,
+             CK_BYTE_PTR input,
+             CK_ULONG input_len,
+             CK_BYTE_PTR signature,
+             CK_ULONG_PTR signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Sign (session, input, input_len,
+	                      signature, signature_len);
+}
+
+static CK_RV
+base_C_SignUpdate (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_BYTE_PTR part,
+                   CK_ULONG part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignUpdate (session, part, part_len);
+}
+
+static CK_RV
+base_C_SignFinal (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE session,
+                  CK_BYTE_PTR signature,
+                  CK_ULONG_PTR signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignFinal (session, signature, signature_len);
+}
+
+static CK_RV
+base_C_SignRecoverInit (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE session,
+                        CK_MECHANISM_PTR mechanism,
+                        CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignRecoverInit (session, mechanism, key);
+}
+
+static CK_RV
+base_C_SignRecover (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_BYTE_PTR input,
+                    CK_ULONG input_len,
+                    CK_BYTE_PTR signature,
+                    CK_ULONG_PTR signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignRecover (session, input, input_len,
+	                             signature, signature_len);
+}
+
+static CK_RV
+base_C_VerifyInit (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_MECHANISM_PTR mechanism,
+                   CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyInit (session, mechanism, key);
+}
+
+static CK_RV
+base_C_Verify (CK_X_FUNCTION_LIST *self,
+               CK_SESSION_HANDLE session,
+               CK_BYTE_PTR input,
+               CK_ULONG input_len,
+               CK_BYTE_PTR signature,
+               CK_ULONG signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_Verify (session, input, input_len,
+	                        signature, signature_len);
+}
+
+static CK_RV
+base_C_VerifyUpdate (CK_X_FUNCTION_LIST *self,
+                     CK_SESSION_HANDLE session,
+                     CK_BYTE_PTR part,
+                     CK_ULONG part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyUpdate (session, part, part_len);
+}
+
+static CK_RV
+base_C_VerifyFinal (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_BYTE_PTR signature,
+                    CK_ULONG signature_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyFinal (session, signature, signature_len);
+}
+
+static CK_RV
+base_C_VerifyRecoverInit (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE session,
+                          CK_MECHANISM_PTR mechanism,
+                          CK_OBJECT_HANDLE key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyRecoverInit (session, mechanism, key);
+}
+
+static CK_RV
+base_C_VerifyRecover (CK_X_FUNCTION_LIST *self,
+                      CK_SESSION_HANDLE session,
+                      CK_BYTE_PTR signature,
+                      CK_ULONG signature_len,
+                      CK_BYTE_PTR input,
+                      CK_ULONG_PTR input_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_VerifyRecover (session, signature, signature_len,
+	                               input, input_len);
+}
+
+static CK_RV
+base_C_DigestEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                            CK_SESSION_HANDLE session,
+                            CK_BYTE_PTR part,
+                            CK_ULONG part_len,
+                            CK_BYTE_PTR encrypted_part,
+                            CK_ULONG_PTR encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DigestEncryptUpdate (session, part, part_len,
+	                                     encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+base_C_DecryptDigestUpdate (CK_X_FUNCTION_LIST *self,
+                            CK_SESSION_HANDLE session,
+                            CK_BYTE_PTR encrypted_part,
+                            CK_ULONG encrypted_part_len,
+                            CK_BYTE_PTR part,
+                            CK_ULONG_PTR part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptDigestUpdate (session, encrypted_part, encrypted_part_len,
+	                                     part, part_len);
+}
+
+static CK_RV
+base_C_SignEncryptUpdate (CK_X_FUNCTION_LIST *self,
+                          CK_SESSION_HANDLE session,
+                          CK_BYTE_PTR part,
+                          CK_ULONG part_len,
+                          CK_BYTE_PTR encrypted_part,
+                          CK_ULONG_PTR encrypted_part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SignEncryptUpdate (session, part, part_len,
+	                                   encrypted_part, encrypted_part_len);
+}
+
+static CK_RV
+base_C_DecryptVerifyUpdate (CK_X_FUNCTION_LIST *self,
+                            CK_SESSION_HANDLE session,
+                            CK_BYTE_PTR encrypted_part,
+                            CK_ULONG encrypted_part_len,
+                            CK_BYTE_PTR part,
+                            CK_ULONG_PTR part_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DecryptVerifyUpdate (session, encrypted_part, encrypted_part_len,
+	                                     part, part_len);
+}
+
+static CK_RV
+base_C_GenerateKey (CK_X_FUNCTION_LIST *self,
+                    CK_SESSION_HANDLE session,
+                    CK_MECHANISM_PTR mechanism,
+                    CK_ATTRIBUTE_PTR template,
+                    CK_ULONG count,
+                    CK_OBJECT_HANDLE_PTR key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GenerateKey (session, mechanism, template, count, key);
+}
+
+static CK_RV
+base_C_GenerateKeyPair (CK_X_FUNCTION_LIST *self,
+                        CK_SESSION_HANDLE session,
+                        CK_MECHANISM_PTR mechanism,
+                        CK_ATTRIBUTE_PTR public_key_template,
+                        CK_ULONG public_key_count,
+                        CK_ATTRIBUTE_PTR private_key_template,
+                        CK_ULONG private_key_count,
+                        CK_OBJECT_HANDLE_PTR public_key,
+                        CK_OBJECT_HANDLE_PTR private_key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GenerateKeyPair (session, mechanism, public_key_template,
+	                                 public_key_count, private_key_template,
+	                                 private_key_count, public_key, private_key);
+}
+
+static CK_RV
+base_C_WrapKey (CK_X_FUNCTION_LIST *self,
+                CK_SESSION_HANDLE session,
+                CK_MECHANISM_PTR mechanism,
+                CK_OBJECT_HANDLE wrapping_key,
+                CK_OBJECT_HANDLE key,
+                CK_BYTE_PTR wrapped_key,
+                CK_ULONG_PTR wrapped_key_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_WrapKey (session, mechanism, wrapping_key, key,
+	                         wrapped_key, wrapped_key_len);
+}
+
+static CK_RV
+base_C_UnwrapKey (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE session,
+                  CK_MECHANISM_PTR mechanism,
+                  CK_OBJECT_HANDLE unwrapping_key,
+                  CK_BYTE_PTR wrapped_key,
+                  CK_ULONG wrapped_key_len,
+                  CK_ATTRIBUTE_PTR template,
+                  CK_ULONG count,
+                  CK_OBJECT_HANDLE_PTR key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_UnwrapKey (session, mechanism, unwrapping_key, wrapped_key,
+	                           wrapped_key_len, template, count, key);
+}
+
+static CK_RV
+base_C_DeriveKey (CK_X_FUNCTION_LIST *self,
+                  CK_SESSION_HANDLE session,
+                  CK_MECHANISM_PTR mechanism,
+                  CK_OBJECT_HANDLE base_key,
+                  CK_ATTRIBUTE_PTR template,
+                  CK_ULONG count,
+                  CK_OBJECT_HANDLE_PTR key)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_DeriveKey (session, mechanism, base_key, template, count, key);
+}
+
+static CK_RV
+base_C_SeedRandom (CK_X_FUNCTION_LIST *self,
+                   CK_SESSION_HANDLE session,
+                   CK_BYTE_PTR seed,
+                   CK_ULONG seed_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_SeedRandom (session, seed, seed_len);
+}
+
+static CK_RV
+base_C_GenerateRandom (CK_X_FUNCTION_LIST *self,
+                       CK_SESSION_HANDLE session,
+                       CK_BYTE_PTR random_data,
+                       CK_ULONG random_len)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_GenerateRandom (session, random_data, random_len);
+}
+
+static CK_RV
+base_C_WaitForSlotEvent (CK_X_FUNCTION_LIST *self,
+                         CK_FLAGS flags,
+                         CK_SLOT_ID_PTR slot_id,
+                         CK_VOID_PTR reserved)
+{
+	p11_virtual *virt = (p11_virtual *)self;
+	CK_FUNCTION_LIST *funcs = virt->lower_module;
+	return funcs->C_WaitForSlotEvent (flags, slot_id, reserved);
+}
+
+void
+p11_virtual_init (p11_virtual *virt,
+                  CK_X_FUNCTION_LIST *funcs,
+                  void *lower_module,
+                  p11_destroyer lower_destroy)
+{
+	memcpy (virt, funcs, sizeof (CK_X_FUNCTION_LIST));
+	virt->lower_module = lower_module;
+	virt->lower_destroy = lower_destroy;
+}
+
+void
+p11_virtual_uninit (p11_virtual *virt)
+{
+	if (virt->lower_destroy)
+		(virt->lower_destroy) (virt->lower_module);
+}
+
+#ifdef WITH_FFI
+
+typedef struct {
+	const char *name;
+	void *binding_function;
+	void *stack_fallback;
+	size_t virtual_offset;
+	void *base_fallback;
+	size_t module_offset;
+	ffi_type *types[MAX_ARGS];
+} FunctionInfo;
+
+#define STRUCT_OFFSET(struct_type, member) \
+	((size_t) ((unsigned char *) &((struct_type *) 0)->member))
+#define STRUCT_MEMBER_P(struct_p, struct_offset) \
+	((void *) ((unsigned char *) (struct_p) + (long) (struct_offset)))
+#define STRUCT_MEMBER(member_type, struct_p, struct_offset) \
+	(*(member_type*) STRUCT_MEMBER_P ((struct_p), (struct_offset)))
+
+#define FUNCTION(name) \
+	#name, binding_C_##name, \
+	stack_C_##name, STRUCT_OFFSET (CK_X_FUNCTION_LIST, C_##name), \
+	base_C_##name, STRUCT_OFFSET (CK_FUNCTION_LIST, C_##name)
+
+static const FunctionInfo function_info[] = {
+	{ FUNCTION (Initialize), { &ffi_type_pointer, NULL } },
+	{ FUNCTION (Finalize), { &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetInfo), { &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetSlotList), { &ffi_type_uchar, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetSlotInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetTokenInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (WaitForSlotEvent), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetMechanismList), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetMechanismInfo), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (InitToken), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (InitPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (SetPIN), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (OpenSession), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (CloseSession), { &ffi_type_ulong, NULL } },
+	{ FUNCTION (CloseAllSessions), { &ffi_type_ulong, NULL } },
+	{ FUNCTION (GetSessionInfo), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (SetOperationState), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_ulong, NULL } },
+	{ FUNCTION (Login), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (Logout), { &ffi_type_ulong, NULL } },
+	{ FUNCTION (CreateObject), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (CopyObject), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DestroyObject), { &ffi_type_ulong, &ffi_type_ulong, NULL } },
+	{ FUNCTION (GetObjectSize), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (SetAttributeValue), { &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (FindObjectsInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (FindObjects), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (FindObjectsFinal), { &ffi_type_ulong, NULL } },
+	{ FUNCTION (EncryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (Encrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (EncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (EncryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DecryptInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (Decrypt), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DecryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DecryptFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DigestInit), { &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (Digest), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (DigestKey), { &ffi_type_ulong, &ffi_type_ulong, NULL } },
+	{ FUNCTION (DigestFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (SignInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (Sign), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (SignUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (SignFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (SignRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (SignRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (VerifyInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (Verify), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (VerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (VerifyFinal), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (VerifyRecoverInit), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (VerifyRecover), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DigestEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DecryptDigestUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (SignEncryptUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DecryptVerifyUpdate), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GenerateKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (GenerateKeyPair), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (WrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_pointer, NULL } },
+	{ FUNCTION (UnwrapKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (DeriveKey), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, &ffi_type_pointer, NULL } },
+	{ FUNCTION (SeedRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ FUNCTION (GenerateRandom), { &ffi_type_ulong, &ffi_type_pointer, &ffi_type_ulong, NULL } },
+	{ 0, }
+};
+
+static bool
+lookup_fall_through (p11_virtual *virt,
+                     const FunctionInfo *info,
+                     void **bound_func)
+{
+	void *func;
+
+	/*
+	 * So the basic concept here is if we have only fall-through functions
+	 * all the way down the stack, then we can just get the actual module
+	 * function, so that calls go right through.
+	 */
+
+	func = STRUCT_MEMBER (void *, virt, info->virtual_offset);
+
+	/*
+	 * This is a fall-through function and the stack goes down further, so
+	 * ask the next level down for the
+	 */
+	if (func == info->stack_fallback) {
+		return lookup_fall_through (virt->lower_module, info, bound_func);
+
+	/*
+	 * This is a fall-through function at the bottom level of the stack
+	 * so return the function from the module.
+	 */
+	} else if (func == info->base_fallback) {
+		*bound_func = STRUCT_MEMBER (void *, virt->lower_module, info->module_offset);
+		return true;
+	}
+
+	return false;
+}
+
+static bool
+bind_ffi_closure (Wrapper *wrapper,
+                  void *binding_data,
+                  void *binding_func,
+                  ffi_type **args,
+                  void **bound_func)
+{
+	ffi_closure *clo;
+	ffi_cif *cif;
+	int nargs = 0;
+	int i = 0;
+	int ret;
+
+	assert (wrapper->ffi_used < MAX_FUNCTIONS);
+	cif = wrapper->ffi_cifs + wrapper->ffi_used;
+
+	/* The number of arguments */
+	for (i = 0, nargs = 0; args[i] != NULL; i++)
+		nargs++;
+
+	assert (nargs <= MAX_ARGS);
+
+	/*
+	 * The failures here are unexpected conditions. There's a chance they
+	 * might occur on other esoteric platforms, so we take a little
+	 * extra care to print relevant debugging info, and return a status,
+	 * so that we can get back useful debug info on platforms that we
+	 * don't have access to.
+	 */
+
+	ret = ffi_prep_cif (cif, FFI_DEFAULT_ABI, nargs, &ffi_type_ulong, args);
+	if (ret != FFI_OK) {
+		p11_debug_precond ("ffi_prep_cif failed: %d\n", ret);
+		return false;
+	}
+
+	clo = ffi_closure_alloc (sizeof (ffi_closure), bound_func);
+	if (clo == NULL) {
+		p11_debug_precond ("ffi_closure_alloc failed\n");
+		return false;
+	}
+
+	ret = ffi_prep_closure_loc (clo, cif, binding_func, binding_data, *bound_func);
+	if (ret != FFI_OK) {
+		p11_debug_precond ("ffi_prep_closure_loc failed: %d\n", ret);
+		return false;
+	}
+
+	wrapper->ffi_closures[wrapper->ffi_used] = clo;
+	wrapper->ffi_used++;
+	return true;
+}
+
+static bool
+init_wrapper_funcs (Wrapper *wrapper)
+{
+	static const ffi_type *get_function_list_args[] = { &ffi_type_pointer, NULL };
+	const FunctionInfo *info;
+	CK_X_FUNCTION_LIST *over;
+	void **bound;
+	int i;
+
+	/* Pointer to where our calls go */
+	over = &wrapper->virt->funcs;
+
+	for (i = 0; function_info[i].name != NULL; i++) {
+		info = function_info + i;
+
+		/* Address to where we're placing the bound function */
+		bound = &STRUCT_MEMBER (void *, &wrapper->bound, info->module_offset);
+
+		/*
+		 * See if we can just shoot straight through to the module function
+		 * without wrapping at all. If all the stacked virtual modules just
+		 * fall through, then this returns the original module function.
+		 */
+		if (!lookup_fall_through (wrapper->virt, info, bound)) {
+			if (!bind_ffi_closure (wrapper, over,
+			                       info->binding_function,
+			                       (ffi_type **)info->types, bound))
+				return_val_if_reached (false);
+		}
+	}
+
+	/* Always bind the C_GetFunctionList function itself */
+	if (!bind_ffi_closure (wrapper, wrapper,
+	                       binding_C_GetFunctionList,
+	                       (ffi_type **)get_function_list_args,
+	                       (void **)&wrapper->bound.C_GetFunctionList))
+		return_val_if_reached (false);
+
+	/*
+	 * These functions are used as a marker to indicate whether this is
+	 * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These
+	 * functions are defined to always have the same standard implementation
+	 * in PKCS#11 2.x so we don't need to call through to the base for
+	 * these guys.
+	 */
+	wrapper->bound.C_CancelFunction = short_C_CancelFunction;
+	wrapper->bound.C_GetFunctionStatus = short_C_GetFunctionStatus;
+
+	return true;
+}
+
+static void
+uninit_wrapper_funcs (Wrapper *wrapper)
+{
+	int i;
+
+	for (i = 0; i < wrapper->ffi_used; i++)
+		ffi_closure_free (wrapper->ffi_closures[i]);
+}
+
+CK_FUNCTION_LIST *
+p11_virtual_wrap (p11_virtual *virt,
+                  p11_destroyer destroyer)
+{
+	Wrapper *wrapper;
+
+	return_val_if_fail (virt != NULL, NULL);
+
+	wrapper = calloc (1, sizeof (Wrapper));
+	return_val_if_fail (wrapper != NULL, NULL);
+
+	wrapper->virt = virt;
+	wrapper->destroyer = destroyer;
+	wrapper->bound.version.major = CRYPTOKI_VERSION_MAJOR;
+	wrapper->bound.version.minor = CRYPTOKI_VERSION_MINOR;
+
+	if (!init_wrapper_funcs (wrapper))
+		return_val_if_reached (NULL);
+
+	assert ((void *)wrapper == (void *)&wrapper->bound);
+	assert (p11_virtual_is_wrapper (&wrapper->bound));
+	assert (wrapper->bound.C_GetFunctionList != NULL);
+	return &wrapper->bound;
+}
+
+bool
+p11_virtual_can_wrap (void)
+{
+	return TRUE;
+}
+
+bool
+p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module)
+{
+	/*
+	 * We use these functions as a marker to indicate whether this is
+	 * one of our CK_FUNCTION_LIST_PTR sets of functions or not. These
+	 * functions are defined to always have the same standard implementation
+	 * in PKCS#11 2.x so we don't need to call through to the base for
+	 * these guys.
+	 */
+	return (module->C_GetFunctionStatus == short_C_GetFunctionStatus &&
+		module->C_CancelFunction == short_C_CancelFunction);
+}
+
+void
+p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module)
+{
+	Wrapper *wrapper;
+
+	return_if_fail (p11_virtual_is_wrapper (module));
+
+	/* The bound CK_FUNCTION_LIST_PTR sits at the front of Context */
+	wrapper = (Wrapper *)module;
+
+	/*
+	 * Make sure that the CK_FUNCTION_LIST_PTR is invalid, and that
+	 * p11_virtual_is_wrapper() recognizes this. This is in case the
+	 * destroyer callback tries to do something fancy.
+	 */
+	memset (&wrapper->bound, 0xFEEEFEEE, sizeof (wrapper->bound));
+
+	if (wrapper->destroyer)
+		(wrapper->destroyer) (wrapper->virt);
+
+	uninit_wrapper_funcs (wrapper);
+	free (wrapper);
+}
+
+#else /* !WITH_FFI */
+
+CK_FUNCTION_LIST *
+p11_virtual_wrap (p11_virtual *virt,
+                  p11_destroyer destroyer)
+{
+	assert_not_reached ();
+}
+
+bool
+p11_virtual_can_wrap (void)
+{
+	return FALSE;
+}
+
+bool
+p11_virtual_is_wrapper (CK_FUNCTION_LIST_PTR module)
+{
+	return FALSE;
+}
+
+void
+p11_virtual_unwrap (CK_FUNCTION_LIST_PTR module)
+{
+	assert_not_reached ();
+}
+
+#endif /* !WITH_FFI */
+
+CK_X_FUNCTION_LIST p11_virtual_stack = {
+	{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },  /* version */
+	stack_C_Initialize,
+	stack_C_Finalize,
+	stack_C_GetInfo,
+	stack_C_GetSlotList,
+	stack_C_GetSlotInfo,
+	stack_C_GetTokenInfo,
+	stack_C_GetMechanismList,
+	stack_C_GetMechanismInfo,
+	stack_C_InitToken,
+	stack_C_InitPIN,
+	stack_C_SetPIN,
+	stack_C_OpenSession,
+	stack_C_CloseSession,
+	stack_C_CloseAllSessions,
+	stack_C_GetSessionInfo,
+	stack_C_GetOperationState,
+	stack_C_SetOperationState,
+	stack_C_Login,
+	stack_C_Logout,
+	stack_C_CreateObject,
+	stack_C_CopyObject,
+	stack_C_DestroyObject,
+	stack_C_GetObjectSize,
+	stack_C_GetAttributeValue,
+	stack_C_SetAttributeValue,
+	stack_C_FindObjectsInit,
+	stack_C_FindObjects,
+	stack_C_FindObjectsFinal,
+	stack_C_EncryptInit,
+	stack_C_Encrypt,
+	stack_C_EncryptUpdate,
+	stack_C_EncryptFinal,
+	stack_C_DecryptInit,
+	stack_C_Decrypt,
+	stack_C_DecryptUpdate,
+	stack_C_DecryptFinal,
+	stack_C_DigestInit,
+	stack_C_Digest,
+	stack_C_DigestUpdate,
+	stack_C_DigestKey,
+	stack_C_DigestFinal,
+	stack_C_SignInit,
+	stack_C_Sign,
+	stack_C_SignUpdate,
+	stack_C_SignFinal,
+	stack_C_SignRecoverInit,
+	stack_C_SignRecover,
+	stack_C_VerifyInit,
+	stack_C_Verify,
+	stack_C_VerifyUpdate,
+	stack_C_VerifyFinal,
+	stack_C_VerifyRecoverInit,
+	stack_C_VerifyRecover,
+	stack_C_DigestEncryptUpdate,
+	stack_C_DecryptDigestUpdate,
+	stack_C_SignEncryptUpdate,
+	stack_C_DecryptVerifyUpdate,
+	stack_C_GenerateKey,
+	stack_C_GenerateKeyPair,
+	stack_C_WrapKey,
+	stack_C_UnwrapKey,
+	stack_C_DeriveKey,
+	stack_C_SeedRandom,
+	stack_C_GenerateRandom,
+	stack_C_WaitForSlotEvent
+};
+
+CK_X_FUNCTION_LIST p11_virtual_base = {
+	{ CRYPTOKI_VERSION_MAJOR, CRYPTOKI_VERSION_MINOR },  /* version */
+	base_C_Initialize,
+	base_C_Finalize,
+	base_C_GetInfo,
+	base_C_GetSlotList,
+	base_C_GetSlotInfo,
+	base_C_GetTokenInfo,
+	base_C_GetMechanismList,
+	base_C_GetMechanismInfo,
+	base_C_InitToken,
+	base_C_InitPIN,
+	base_C_SetPIN,
+	base_C_OpenSession,
+	base_C_CloseSession,
+	base_C_CloseAllSessions,
+	base_C_GetSessionInfo,
+	base_C_GetOperationState,
+	base_C_SetOperationState,
+	base_C_Login,
+	base_C_Logout,
+	base_C_CreateObject,
+	base_C_CopyObject,
+	base_C_DestroyObject,
+	base_C_GetObjectSize,
+	base_C_GetAttributeValue,
+	base_C_SetAttributeValue,
+	base_C_FindObjectsInit,
+	base_C_FindObjects,
+	base_C_FindObjectsFinal,
+	base_C_EncryptInit,
+	base_C_Encrypt,
+	base_C_EncryptUpdate,
+	base_C_EncryptFinal,
+	base_C_DecryptInit,
+	base_C_Decrypt,
+	base_C_DecryptUpdate,
+	base_C_DecryptFinal,
+	base_C_DigestInit,
+	base_C_Digest,
+	base_C_DigestUpdate,
+	base_C_DigestKey,
+	base_C_DigestFinal,
+	base_C_SignInit,
+	base_C_Sign,
+	base_C_SignUpdate,
+	base_C_SignFinal,
+	base_C_SignRecoverInit,
+	base_C_SignRecover,
+	base_C_VerifyInit,
+	base_C_Verify,
+	base_C_VerifyUpdate,
+	base_C_VerifyFinal,
+	base_C_VerifyRecoverInit,
+	base_C_VerifyRecover,
+	base_C_DigestEncryptUpdate,
+	base_C_DecryptDigestUpdate,
+	base_C_SignEncryptUpdate,
+	base_C_DecryptVerifyUpdate,
+	base_C_GenerateKey,
+	base_C_GenerateKeyPair,
+	base_C_WrapKey,
+	base_C_UnwrapKey,
+	base_C_DeriveKey,
+	base_C_SeedRandom,
+	base_C_GenerateRandom,
+	base_C_WaitForSlotEvent
+};
diff --git a/p11-kit/virtual.h b/p11-kit/virtual.h
new file mode 100644
index 0000000..f1fb676
--- /dev/null
+++ b/p11-kit/virtual.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2013 Red Hat, Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above
+ *       copyright notice, this list of conditions and the
+ *       following disclaimer.
+ *     * Redistributions in binary form must reproduce the
+ *       above copyright notice, this list of conditions and
+ *       the following disclaimer in the documentation and/or
+ *       other materials provided with the distribution.
+ *     * The names of contributors to this software may not be
+ *       used to endorse or promote products derived from this
+ *       software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter 
+ */
+
+#ifndef __P11_VIRTUAL_H__
+#define __P11_VIRTUAL_H__
+
+#include "pkcs11.h"
+#include "pkcs11x.h"
+#include "array.h"
+
+typedef struct {
+	CK_X_FUNCTION_LIST funcs;
+	void *lower_module;
+	p11_destroyer lower_destroy;
+} p11_virtual;
+
+CK_X_FUNCTION_LIST      p11_virtual_base;
+
+CK_X_FUNCTION_LIST      p11_virtual_stack;
+
+void                    p11_virtual_init       (p11_virtual *virt,
+                                                CK_X_FUNCTION_LIST *funcs,
+                                                void *lower_module,
+                                                p11_destroyer lower_destroy);
+
+void                    p11_virtual_uninit     (p11_virtual *virt);
+
+bool                    p11_virtual_can_wrap   (void);
+
+CK_FUNCTION_LIST *      p11_virtual_wrap       (p11_virtual *virt,
+                                                p11_destroyer destroyer);
+
+bool                    p11_virtual_is_wrapper (CK_FUNCTION_LIST *module);
+
+void                    p11_virtual_unwrap     (CK_FUNCTION_LIST *module);
+
+#endif /* __P11_VIRTUAL_H__ */
diff --git a/po/bg.gmo b/po/bg.gmo
index c2f7085..dc9cce4 100644
Binary files a/po/bg.gmo and b/po/bg.gmo differ
diff --git a/po/bg.po b/po/bg.po
index 1206610..b6a243d 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Bulgarian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/cs.gmo b/po/cs.gmo
index a71db70..5c9abc7 100644
Binary files a/po/cs.gmo and b/po/cs.gmo differ
diff --git a/po/cs.po b/po/cs.po
index 131e1ff..a6dcd37 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Czech \n"
diff --git a/po/de.gmo b/po/de.gmo
index ef2feab..b2bdd49 100644
Binary files a/po/de.gmo and b/po/de.gmo differ
diff --git a/po/de.po b/po/de.po
index 438e9f7..97b60da 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2013-02-13 17:07+0000\n"
 "Last-Translator: Stef Walter \n"
 "Language-Team: German (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/el.gmo b/po/el.gmo
index fbbf086..0e5ff8e 100644
Binary files a/po/el.gmo and b/po/el.gmo differ
diff --git a/po/el.po b/po/el.po
index b63d4a2..a8107ea 100644
--- a/po/el.po
+++ b/po/el.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Greek (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/en@boldquot.gmo b/po/en@boldquot.gmo
index fdad4f4..1315498 100644
Binary files a/po/en@boldquot.gmo and b/po/en@boldquot.gmo differ
diff --git a/po/en@boldquot.po b/po/en@boldquot.po
index 6a9e701..b4bc1dc 100644
--- a/po/en@boldquot.po
+++ b/po/en@boldquot.po
@@ -30,11 +30,11 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: p11-kit 0.18.4\n"
+"Project-Id-Version: p11-kit 0.19.1\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
-"PO-Revision-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
+"PO-Revision-Date: 2013-05-27 10:37+0200\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
 "Language: en@boldquot\n"
diff --git a/po/en@quot.gmo b/po/en@quot.gmo
index 36b41b9..7c6f3eb 100644
Binary files a/po/en@quot.gmo and b/po/en@quot.gmo differ
diff --git a/po/en@quot.po b/po/en@quot.po
index 63b91e2..79daf1f 100644
--- a/po/en@quot.po
+++ b/po/en@quot.po
@@ -27,11 +27,11 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: p11-kit 0.18.4\n"
+"Project-Id-Version: p11-kit 0.19.1\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
-"PO-Revision-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
+"PO-Revision-Date: 2013-05-27 10:37+0200\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
 "Language: en@quot\n"
diff --git a/po/en_GB.gmo b/po/en_GB.gmo
index d24635c..bf0617b 100644
Binary files a/po/en_GB.gmo and b/po/en_GB.gmo differ
diff --git a/po/en_GB.po b/po/en_GB.po
index b6d39f2..f586df9 100644
--- a/po/en_GB.po
+++ b/po/en_GB.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: English (United Kingdom) (http://www.transifex.com/projects/p/"
diff --git a/po/eo.gmo b/po/eo.gmo
index ab28ecb..331920a 100644
Binary files a/po/eo.gmo and b/po/eo.gmo differ
diff --git a/po/eo.po b/po/eo.po
index 440c5bd..7a2b305 100644
--- a/po/eo.po
+++ b/po/eo.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-04-01 19:14+0000\n"
 "Last-Translator: kristjan \n"
 "Language-Team: Esperanto (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/es.gmo b/po/es.gmo
index d544b95..f6630dd 100644
Binary files a/po/es.gmo and b/po/es.gmo differ
diff --git a/po/es.po b/po/es.po
index d3ee62a..b1e8740 100644
--- a/po/es.po
+++ b/po/es.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-08-27 16:15+0000\n"
 "Last-Translator: Daniel Mustieles \n"
 "Language-Team: Spanish (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/eu.gmo b/po/eu.gmo
index 078aed6..fc61e02 100644
Binary files a/po/eu.gmo and b/po/eu.gmo differ
diff --git a/po/eu.po b/po/eu.po
index c627f12..876bb1f 100644
--- a/po/eu.po
+++ b/po/eu.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/fa.gmo b/po/fa.gmo
index a331fc1..02e127b 100644
Binary files a/po/fa.gmo and b/po/fa.gmo differ
diff --git a/po/fa.po b/po/fa.po
index 3236673..20218fa 100644
--- a/po/fa.po
+++ b/po/fa.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Persian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/fi.gmo b/po/fi.gmo
index 5cdc14e..bd0f1c5 100644
Binary files a/po/fi.gmo and b/po/fi.gmo differ
diff --git a/po/fi.po b/po/fi.po
index e923e3f..899f3fe 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -11,7 +11,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2013-02-13 17:07+0000\n"
 "Last-Translator: Stef Walter \n"
 "Language-Team: Finnish (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/fr.gmo b/po/fr.gmo
index 23fc16a..fbba03e 100644
Binary files a/po/fr.gmo and b/po/fr.gmo differ
diff --git a/po/fr.po b/po/fr.po
index adc507b..8c8bfbe 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: French \n"
diff --git a/po/gl.gmo b/po/gl.gmo
index 0fbc6ac..b1e0e65 100644
Binary files a/po/gl.gmo and b/po/gl.gmo differ
diff --git a/po/gl.po b/po/gl.po
index 53ae4f4..72002f5 100644
--- a/po/gl.po
+++ b/po/gl.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-04-14 18:34+0000\n"
 "Last-Translator: Fran Diéguez \n"
 "Language-Team: Galician \n"
diff --git a/po/hr.gmo b/po/hr.gmo
index 38d5937..f6c80d8 100644
Binary files a/po/hr.gmo and b/po/hr.gmo differ
diff --git a/po/hr.po b/po/hr.po
index 53e95d2..b9a7a4b 100644
--- a/po/hr.po
+++ b/po/hr.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-10-04 20:37+0000\n"
 "Last-Translator: Tomislav Krznar \n"
 "Language-Team: Croatian \n"
diff --git a/po/hu.gmo b/po/hu.gmo
index fb86db1..b7c97d5 100644
Binary files a/po/hu.gmo and b/po/hu.gmo differ
diff --git a/po/hu.po b/po/hu.po
index 4ccb4cd..a5bf04e 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-05-03 23:26+0000\n"
 "Last-Translator: kelemeng \n"
 "Language-Team: Hungarian \n"
diff --git a/po/ia.gmo b/po/ia.gmo
index 8100020..eb5b43a 100644
Binary files a/po/ia.gmo and b/po/ia.gmo differ
diff --git a/po/ia.po b/po/ia.po
index 9b65fa5..5bc472b 100644
--- a/po/ia.po
+++ b/po/ia.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Interlingua (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/id.gmo b/po/id.gmo
index d85cef7..f45860b 100644
Binary files a/po/id.gmo and b/po/id.gmo differ
diff --git a/po/id.po b/po/id.po
index 029b2e0..e2e64f6 100644
--- a/po/id.po
+++ b/po/id.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-04-11 07:54+0000\n"
 "Last-Translator: Andika Triwidada \n"
 "Language-Team: Indonesian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/it.gmo b/po/it.gmo
index 07a5511..efeb6be 100644
Binary files a/po/it.gmo and b/po/it.gmo differ
diff --git a/po/it.po b/po/it.po
index 7ebb74d..61de703 100644
--- a/po/it.po
+++ b/po/it.po
@@ -10,7 +10,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2013-01-30 21:13+0000\n"
 "Last-Translator: milo \n"
 "Language-Team: Italian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/ja.gmo b/po/ja.gmo
index 611f131..c8c7792 100644
Binary files a/po/ja.gmo and b/po/ja.gmo differ
diff --git a/po/ja.po b/po/ja.po
index f88c83b..a6ece79 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-03-06 14:22+0000\n"
 "Last-Translator: Tomoyuki KATO \n"
 "Language-Team: Japanese (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/ka.gmo b/po/ka.gmo
index 2efc197..b7b1dbc 100644
Binary files a/po/ka.gmo and b/po/ka.gmo differ
diff --git a/po/ka.po b/po/ka.po
index 6ad3c80..9719c7e 100644
--- a/po/ka.po
+++ b/po/ka.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-08-21 18:45+0000\n"
 "Last-Translator: George Machitidze \n"
 "Language-Team: Georgian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/ko.gmo b/po/ko.gmo
index 710d07a..5b4015b 100644
Binary files a/po/ko.gmo and b/po/ko.gmo differ
diff --git a/po/ko.po b/po/ko.po
index 4850e86..28129ef 100644
--- a/po/ko.po
+++ b/po/ko.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-04-14 16:48+0000\n"
 "Last-Translator: Shinjo Park \n"
 "Language-Team: Korean (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/lv.gmo b/po/lv.gmo
index 171c08f..ff65da4 100644
Binary files a/po/lv.gmo and b/po/lv.gmo differ
diff --git a/po/lv.po b/po/lv.po
index c1f0762..1f6683c 100644
--- a/po/lv.po
+++ b/po/lv.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2013-02-10 17:38+0000\n"
 "Last-Translator: RÅ«dolfs Mazurs \n"
 "Language-Team: Latvian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/nl.gmo b/po/nl.gmo
index 0e1f7f8..70e319a 100644
Binary files a/po/nl.gmo and b/po/nl.gmo differ
diff --git a/po/nl.po b/po/nl.po
index 725749a..d99769c 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-04-18 16:10+0000\n"
 "Last-Translator: Richard E. van der Luit \n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/p11-kit.pot b/po/p11-kit.pot
index 0c18929..67e57f2 100644
--- a/po/p11-kit.pot
+++ b/po/p11-kit.pot
@@ -6,10 +6,10 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: p11-kit 0.18.4\n"
+"Project-Id-Version: p11-kit 0.19.1\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: LANGUAGE \n"
diff --git a/po/pa.gmo b/po/pa.gmo
index 9e7e899..aab973c 100644
Binary files a/po/pa.gmo and b/po/pa.gmo differ
diff --git a/po/pa.po b/po/pa.po
index 2f41eea..c546c0f 100644
--- a/po/pa.po
+++ b/po/pa.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-08-07 02:16+0000\n"
 "Last-Translator: A S Alam \n"
 "Language-Team: Panjabi (Punjabi) (http://www.transifex.com/projects/p/"
diff --git a/po/pl.gmo b/po/pl.gmo
index 51a47c0..f742ea7 100644
Binary files a/po/pl.gmo and b/po/pl.gmo differ
diff --git a/po/pl.po b/po/pl.po
index cbf2142..65f069c 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-03-10 20:27+0000\n"
 "Last-Translator: Piotr Drąg \n"
 "Language-Team: Polish (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/pt_BR.gmo b/po/pt_BR.gmo
index 22d8f24..c0a9445 100644
Binary files a/po/pt_BR.gmo and b/po/pt_BR.gmo differ
diff --git a/po/pt_BR.po b/po/pt_BR.po
index d0f7269..630ac05 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-04-01 03:48+0000\n"
 "Last-Translator: Rafael Ferreira \n"
 "Language-Team: Portuguese (Brazil) (http://www.transifex.com/projects/p/"
diff --git a/po/ru.gmo b/po/ru.gmo
index 31a2943..84584a0 100644
Binary files a/po/ru.gmo and b/po/ru.gmo differ
diff --git a/po/ru.po b/po/ru.po
index 4586f07..b967eb2 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Russian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/sk.gmo b/po/sk.gmo
index f3d428e..99d60cf 100644
Binary files a/po/sk.gmo and b/po/sk.gmo differ
diff --git a/po/sk.po b/po/sk.po
index ea304eb..1bab12c 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Slovak (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/sl.gmo b/po/sl.gmo
index 40b2a53..77e1f8d 100644
Binary files a/po/sl.gmo and b/po/sl.gmo differ
diff --git a/po/sl.po b/po/sl.po
index 102eef9..24f3743 100644
--- a/po/sl.po
+++ b/po/sl.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-06-04 06:55+0000\n"
 "Last-Translator: Martin Srebotnjak \n"
 "Language-Team: Slovenian \n"
diff --git a/po/sq.gmo b/po/sq.gmo
index 45bd1ff..8e06ae7 100644
Binary files a/po/sq.gmo and b/po/sq.gmo differ
diff --git a/po/sq.po b/po/sq.po
index ccfa5a2..0c55fd1 100644
--- a/po/sq.po
+++ b/po/sq.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Albanian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/sr.gmo b/po/sr.gmo
index b7a0fee..aa2f60f 100644
Binary files a/po/sr.gmo and b/po/sr.gmo differ
diff --git a/po/sr.po b/po/sr.po
index c68d46e..3f9c783 100644
--- a/po/sr.po
+++ b/po/sr.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2013-02-07 20:07+0000\n"
 "Last-Translator: MirosNik \n"
 "Language-Team: Serbian (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/te.gmo b/po/te.gmo
index 7d00d67..0590824 100644
Binary files a/po/te.gmo and b/po/te.gmo differ
diff --git a/po/te.po b/po/te.po
index facb940..44f9ad2 100644
--- a/po/te.po
+++ b/po/te.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Telugu (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/tr.gmo b/po/tr.gmo
index 0f39eb8..bc89ba2 100644
Binary files a/po/tr.gmo and b/po/tr.gmo differ
diff --git a/po/tr.po b/po/tr.po
index 9370db8..ad0e86a 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-05-14 06:26+0000\n"
 "Last-Translator: Necdet Yücel \n"
 "Language-Team: Turkish (http://www.transifex.com/projects/p/freedesktop/"
diff --git a/po/uk.gmo b/po/uk.gmo
index e33161c..3e33011 100644
Binary files a/po/uk.gmo and b/po/uk.gmo differ
diff --git a/po/uk.po b/po/uk.po
index dcf296d..2cb4394 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-03-08 08:34+0000\n"
 "Last-Translator: Yuri Chornoivan \n"
 "Language-Team: Ukrainian \n"
diff --git a/po/zh_CN.gmo b/po/zh_CN.gmo
index 53e9b08..7abd2f5 100644
Binary files a/po/zh_CN.gmo and b/po/zh_CN.gmo differ
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 3b277dd..8f86c76 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Chinese (China) \n"
diff --git a/po/zh_HK.gmo b/po/zh_HK.gmo
index 7a3c639..2e36792 100644
Binary files a/po/zh_HK.gmo and b/po/zh_HK.gmo differ
diff --git a/po/zh_HK.po b/po/zh_HK.po
index 2bb8aa4..d832579 100644
--- a/po/zh_HK.po
+++ b/po/zh_HK.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Chinese (Hong Kong) (http://www.transifex.com/projects/p/"
diff --git a/po/zh_TW.gmo b/po/zh_TW.gmo
index f45f5ec..09c53fe 100644
Binary files a/po/zh_TW.gmo and b/po/zh_TW.gmo differ
diff --git a/po/zh_TW.po b/po/zh_TW.po
index eff635c..c24aa3e 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -8,7 +8,7 @@ msgstr ""
 "Project-Id-Version: p11-kit\n"
 "Report-Msgid-Bugs-To: https://bugs.freedesktop.org/enter_bug.cgi?product=p11-"
 "glue\n"
-"POT-Creation-Date: 2013-06-24 18:13+0200\n"
+"POT-Creation-Date: 2013-05-27 10:37+0200\n"
 "PO-Revision-Date: 2012-02-29 09:23+0000\n"
 "Last-Translator: FULL NAME \n"
 "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/"
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 5e48149..c8296ee 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -5,7 +5,7 @@ SUBDIRS = . tests
 
 COMMON = $(top_srcdir)/common
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/common \
 	-I$(top_srcdir)/p11-kit \
@@ -50,4 +50,8 @@ p11_kit_SOURCES += \
 	save.c save.h \
 	$(NULL)
 
+externaldir = $(privatedir)
+external_SCRIPTS = \
+	p11-kit-extract-trust
+
 endif # WITH_ASN1
diff --git a/tools/Makefile.in b/tools/Makefile.in
index e41dbb9..d1b4d19 100644
--- a/tools/Makefile.in
+++ b/tools/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.13.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -14,52 +14,25 @@
 
 @SET_MAKE@
 
+
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
+am__make_dryrun = \
+  { \
+    am__dry=no; \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
     esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+    test $$am__dry = yes; \
+  }
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -79,7 +52,8 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(top_srcdir)/build/Makefile.decl $(srcdir)/Makefile.in \
-	$(srcdir)/Makefile.am $(top_srcdir)/depcomp
+	$(srcdir)/Makefile.am $(srcdir)/p11-kit-extract-trust.in \
+	$(top_srcdir)/depcomp
 bin_PROGRAMS = p11-kit$(EXEEXT)
 @WITH_ASN1_TRUE@am__append_1 = \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
@@ -116,9 +90,9 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_FILES = p11-kit-extract-trust
 CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(externaldir)"
 PROGRAMS = $(bin_PROGRAMS)
 am__p11_kit_SOURCES_DIST = list.c tool.c tool.h extract.c extract.h \
 	extract-info.c extract-jks.c extract-openssl.c extract-pem.c \
@@ -148,6 +122,34 @@ am__v_lt_1 =
 p11_kit_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(p11_kit_CFLAGS) \
 	$(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+SCRIPTS = $(external_SCRIPTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -297,6 +299,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
+LIBFFI_CFLAGS = @LIBFFI_CFLAGS@
+LIBFFI_LIBS = @LIBFFI_LIBS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -412,7 +416,7 @@ with_trust_paths = @with_trust_paths@
 NULL = 
 SUBDIRS = . tests
 COMMON = $(top_srcdir)/common
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/common \
 	-I$(top_srcdir)/p11-kit \
@@ -426,6 +430,10 @@ p11_kit_CFLAGS = $(NULL) $(am__append_2)
 p11_kit_LDADD = $(top_builddir)/p11-kit/libp11-kit.la \
 	$(top_builddir)/common/libp11-common.la $(LTLIBINTL) $(NULL) \
 	$(am__append_1)
+@WITH_ASN1_TRUE@externaldir = $(privatedir)
+@WITH_ASN1_TRUE@external_SCRIPTS = \
+@WITH_ASN1_TRUE@	p11-kit-extract-trust
+
 all: all-recursive
 
 .SUFFIXES:
@@ -461,6 +469,8 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
+p11-kit-extract-trust: $(top_builddir)/config.status $(srcdir)/p11-kit-extract-trust.in
+	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 install-binPROGRAMS: $(bin_PROGRAMS)
 	@$(NORMAL_INSTALL)
 	@list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
@@ -510,10 +520,44 @@ clean-binPROGRAMS:
 	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
 	echo " rm -f" $$list; \
 	rm -f $$list
-
 p11-kit$(EXEEXT): $(p11_kit_OBJECTS) $(p11_kit_DEPENDENCIES) $(EXTRA_p11_kit_DEPENDENCIES) 
 	@rm -f p11-kit$(EXEEXT)
 	$(AM_V_CCLD)$(p11_kit_LINK) $(p11_kit_OBJECTS) $(p11_kit_LDADD) $(LIBS)
+install-externalSCRIPTS: $(external_SCRIPTS)
+	@$(NORMAL_INSTALL)
+	@list='$(external_SCRIPTS)'; test -n "$(externaldir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(externaldir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(externaldir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+	done | \
+	sed -e 'p;s,.*/,,;n' \
+	    -e 'h;s|.*|.|' \
+	    -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+	    if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+	      if (++n[d] == $(am__install_max)) { \
+		print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+	    else { print "f", d "/" $$4, $$1 } } \
+	  END { for (d in files) print "f", d, files[d] }' | \
+	while read type dir files; do \
+	     if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+	     test -z "$$files" || { \
+	       echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(externaldir)$$dir'"; \
+	       $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(externaldir)$$dir" || exit $$?; \
+	     } \
+	; done
+
+uninstall-externalSCRIPTS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(external_SCRIPTS)'; test -n "$(externaldir)" || exit 0; \
+	files=`for p in $$list; do echo "$$p"; done | \
+	       sed -e 's,.*/,,;$(transform)'`; \
+	dir='$(DESTDIR)$(externaldir)'; $(am__uninstall_files_from_dir)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -691,12 +735,13 @@ clean-libtool:
 #     (which will cause the Makefiles to be regenerated when you run 'make');
 # (2) otherwise, pass the desired values on the 'make' command line.
 $(am__recursive_targets):
-	@fail=; \
-	if $(am__make_keepgoing); then \
-	  failcom='fail=yes'; \
-	else \
-	  failcom='exit 1'; \
-	fi; \
+	@fail= failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
 	case "$@" in \
@@ -840,10 +885,10 @@ distdir: $(DISTFILES)
 	done
 check-am: all-am
 check: check-recursive
-all-am: Makefile $(PROGRAMS)
+all-am: Makefile $(PROGRAMS) $(SCRIPTS)
 installdirs: installdirs-recursive
 installdirs-am:
-	for dir in "$(DESTDIR)$(bindir)"; do \
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(externaldir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-recursive
@@ -898,7 +943,7 @@ info: info-recursive
 
 info-am:
 
-install-data-am:
+install-data-am: install-externalSCRIPTS
 
 install-dvi: install-dvi-recursive
 
@@ -944,7 +989,7 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-binPROGRAMS
+uninstall-am: uninstall-binPROGRAMS uninstall-externalSCRIPTS
 
 .MAKE: $(am__recursive_targets) install-am install-strip
 
@@ -954,14 +999,15 @@ uninstall-am: uninstall-binPROGRAMS
 	distclean-generic distclean-libtool distclean-tags distdir dvi \
 	dvi-am html html-am info info-am install install-am \
 	install-binPROGRAMS install-data install-data-am install-dvi \
-	install-dvi-am install-exec install-exec-am install-html \
-	install-html-am install-info install-info-am install-man \
-	install-pdf install-pdf-am install-ps install-ps-am \
-	install-strip installcheck installcheck-am installdirs \
-	installdirs-am maintainer-clean maintainer-clean-generic \
-	mostlyclean mostlyclean-compile mostlyclean-generic \
-	mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
-	uninstall-am uninstall-binPROGRAMS
+	install-dvi-am install-exec install-exec-am \
+	install-externalSCRIPTS install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs installdirs-am \
+	maintainer-clean maintainer-clean-generic mostlyclean \
+	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+	pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+	uninstall-binPROGRAMS uninstall-externalSCRIPTS
 
 
 memcheck:
@@ -974,6 +1020,11 @@ leakcheck:
 		test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \
 	done
 
+hellcheck:
+	@for dir in $(SUBDIRS); do \
+		test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \
+	done
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/tools/extract.c b/tools/extract.c
index cd0f369..3d1fee7 100644
--- a/tools/extract.c
+++ b/tools/extract.c
@@ -231,7 +231,7 @@ limit_modules_if_necessary (CK_FUNCTION_LIST_PTR *modules,
 
 	/* TODO: This logic will move once we merge our p11-kit managed code */
 	for (i = 0, out = 0; modules[i] != NULL; i++) {
-		string = p11_kit_registered_option (modules[i], "trust-policy");
+		string = p11_kit_config_option (modules[i], "trust-policy");
 		if (string && strcmp (string, "yes") == 0)
 			modules[out++] = modules[i];
 		else if (string && strcmp (string, "no") != 0)
@@ -305,7 +305,6 @@ p11_tool_extract (int argc,
 	CK_ATTRIBUTE *match;
 	P11KitUri *uri;
 	int opt = 0;
-	CK_RV rv;
 	int ret;
 
 	enum {
@@ -435,13 +434,10 @@ p11_tool_extract (int argc,
 	if (uri && p11_kit_uri_any_unrecognized (uri))
 		p11_message ("uri contained unrecognized components, nothing will be extracted");
 
-	rv = p11_kit_initialize_registered ();
-	if (rv != CKR_OK) {
-		p11_message ("couldn't initialize registered modules: %s", p11_kit_strerror (rv));
+	modules = p11_kit_modules_load_and_initialize (0);
+	if (!modules)
 		return 1;
-	}
 
-	modules = p11_kit_registered_modules ();
 	limit_modules_if_necessary (modules, ex.flags);
 
 	iter = p11_kit_iter_new (uri);
@@ -456,8 +452,9 @@ p11_tool_extract (int argc,
 	p11_extract_info_cleanup (&ex);
 	p11_kit_iter_free (iter);
 	p11_kit_uri_free (uri);
-	free (modules);
 
-	p11_kit_finalize_registered ();
+	p11_kit_modules_finalize (modules);
+	p11_kit_modules_release (modules);
+
 	return ret;
 }
diff --git a/tools/list.c b/tools/list.c
index da99940..fe028ae 100644
--- a/tools/list.c
+++ b/tools/list.c
@@ -203,20 +203,15 @@ print_modules (void)
 	CK_FUNCTION_LIST_PTR *module_list;
 	char *name;
 	char *path;
-	CK_RV rv;
 	int i;
 
-	rv = p11_kit_initialize_registered ();
-	if (rv != CKR_OK) {
-		p11_message ("couldn't initialize registered modules: %s",
-		             p11_kit_strerror (rv));
+	module_list = p11_kit_modules_load_and_initialize (0);
+	if (!module_list)
 		return 1;
-	}
 
-	module_list = p11_kit_registered_modules ();
 	for (i = 0; module_list[i]; i++) {
-		name = p11_kit_registered_module_to_name (module_list[i]);
-		path = p11_kit_registered_option (module_list[i], "module");
+		name = p11_kit_module_get_name (module_list[i]);
+		path = p11_kit_config_option (module_list[i], "module");
 
 		printf ("%s: %s\n",
 			name ? name : "(null)",
@@ -226,9 +221,8 @@ print_modules (void)
 		free (name);
 		free (path);
 	}
-	free (module_list);
 
-	p11_kit_finalize_registered ();
+	p11_kit_modules_finalize_and_release (module_list);
 	return 0;
 }
 
diff --git a/trust/p11-kit-extract-trust.in b/tools/p11-kit-extract-trust.in
similarity index 88%
rename from trust/p11-kit-extract-trust.in
rename to tools/p11-kit-extract-trust.in
index c7214e9..b15dd7d 100755
--- a/trust/p11-kit-extract-trust.in
+++ b/tools/p11-kit-extract-trust.in
@@ -6,12 +6,7 @@
 # appropriate. In the future this script will be called when the PKCS#11
 # trust module is used to modifiy trust anchors and related data.
 
-if [ $# -ne 0 ]; then
-	echo "usage: p11-kit extract-trust" >&2
-	exit 2
-fi
-
-echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution." >&2
+echo "p11-kit: the placeholder extract-trust command has not been customized by your distribution."
 
 # You can use commands like this to extract data from trust modules
 # into appropriate locations for your distribution.
diff --git a/tools/tests/Makefile.am b/tools/tests/Makefile.am
index f6609ec..9a5ab73 100644
--- a/tools/tests/Makefile.am
+++ b/tools/tests/Makefile.am
@@ -10,20 +10,20 @@ TOOLS = $(top_srcdir)/tools
 
 TEST_RUNNER = libtool --mode=execute
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/p11-kit \
 	-I$(srcdir)/.. \
 	-I$(COMMON) \
 	-DP11_KIT_FUTURE_UNSTABLE_API \
 	$(LIBTASN1_CFLAGS) \
-	$(CUTEST_CFLAGS) \
+	$(TEST_CFLAGS) \
 	$(NULL)
 
 LDADD = \
 	$(top_builddir)/p11-kit/libp11-kit.la \
 	$(top_builddir)/common/libp11-data.la \
-	$(top_builddir)/common/libp11-mock.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestcommon.la \
 	$(LIBTASN1_LIBS) \
@@ -35,7 +35,7 @@ noinst_LTLIBRARIES = \
 	libtestcommon.la
 
 libtestcommon_la_SOURCES = \
-	test.c test.h
+	test-tools.c test-tools.h
 
 CHECK_PROGS = \
 	test-save \
diff --git a/tools/tests/Makefile.in b/tools/tests/Makefile.in
index 1558870..b3533b3 100644
--- a/tools/tests/Makefile.in
+++ b/tools/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.13.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -16,51 +16,23 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
+am__make_dryrun = \
+  { \
+    am__dry=no; \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
     esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
-    esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+    test $$am__dry = yes; \
+  }
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -106,8 +78,8 @@ CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 LTLIBRARIES = $(noinst_LTLIBRARIES)
 libtestcommon_la_LIBADD =
-am__libtestcommon_la_SOURCES_DIST = test.c test.h
-@WITH_ASN1_TRUE@am_libtestcommon_la_OBJECTS = test.lo
+am__libtestcommon_la_SOURCES_DIST = test-tools.c test-tools.h
+@WITH_ASN1_TRUE@am_libtestcommon_la_OBJECTS = test-tools.lo
 libtestcommon_la_OBJECTS = $(am_libtestcommon_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -130,11 +102,11 @@ am__DEPENDENCIES_1 =
 @WITH_ASN1_TRUE@test_extract_DEPENDENCIES =  \
 @WITH_ASN1_TRUE@	$(top_builddir)/p11-kit/libp11-kit.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
-@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-mock.la \
+@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-test.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-common.la \
 @WITH_ASN1_TRUE@	$(builddir)/libtestcommon.la \
 @WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@WITH_ASN1_TRUE@	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+@WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1)
 am__test_openssl_SOURCES_DIST = test-openssl.c $(TOOLS)/extract-info.c \
 	$(TOOLS)/extract-openssl.c $(TOOLS)/save.c
 @WITH_ASN1_TRUE@am_test_openssl_OBJECTS = test-openssl.$(OBJEXT) \
@@ -146,11 +118,11 @@ test_openssl_LDADD = $(LDADD)
 @WITH_ASN1_TRUE@test_openssl_DEPENDENCIES =  \
 @WITH_ASN1_TRUE@	$(top_builddir)/p11-kit/libp11-kit.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
-@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-mock.la \
+@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-test.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-common.la \
 @WITH_ASN1_TRUE@	$(builddir)/libtestcommon.la \
 @WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@WITH_ASN1_TRUE@	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+@WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1)
 am__test_pem_SOURCES_DIST = test-pem.c $(TOOLS)/extract-info.c \
 	$(TOOLS)/extract-pem.c $(TOOLS)/save.c
 @WITH_ASN1_TRUE@am_test_pem_OBJECTS = test-pem.$(OBJEXT) \
@@ -161,11 +133,11 @@ test_pem_LDADD = $(LDADD)
 @WITH_ASN1_TRUE@test_pem_DEPENDENCIES =  \
 @WITH_ASN1_TRUE@	$(top_builddir)/p11-kit/libp11-kit.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
-@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-mock.la \
+@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-test.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-common.la \
 @WITH_ASN1_TRUE@	$(builddir)/libtestcommon.la \
 @WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@WITH_ASN1_TRUE@	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+@WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1)
 am__test_save_SOURCES_DIST = test-save.c $(TOOLS)/save.c
 @WITH_ASN1_TRUE@am_test_save_OBJECTS = test-save.$(OBJEXT) \
 @WITH_ASN1_TRUE@	save.$(OBJEXT) $(am__objects_1)
@@ -174,11 +146,11 @@ test_save_LDADD = $(LDADD)
 @WITH_ASN1_TRUE@test_save_DEPENDENCIES =  \
 @WITH_ASN1_TRUE@	$(top_builddir)/p11-kit/libp11-kit.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
-@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-mock.la \
+@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-test.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-common.la \
 @WITH_ASN1_TRUE@	$(builddir)/libtestcommon.la \
 @WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@WITH_ASN1_TRUE@	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+@WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1)
 am__test_x509_SOURCES_DIST = test-x509.c $(TOOLS)/extract-info.c \
 	$(TOOLS)/extract-x509.c $(TOOLS)/save.c
 @WITH_ASN1_TRUE@am_test_x509_OBJECTS = test-x509.$(OBJEXT) \
@@ -189,11 +161,11 @@ test_x509_LDADD = $(LDADD)
 @WITH_ASN1_TRUE@test_x509_DEPENDENCIES =  \
 @WITH_ASN1_TRUE@	$(top_builddir)/p11-kit/libp11-kit.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
-@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-mock.la \
+@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-test.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-common.la \
 @WITH_ASN1_TRUE@	$(builddir)/libtestcommon.la \
 @WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
-@WITH_ASN1_TRUE@	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+@WITH_ASN1_TRUE@	$(am__DEPENDENCIES_1)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -510,6 +482,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
+LIBFFI_CFLAGS = @LIBFFI_CFLAGS@
+LIBFFI_LIBS = @LIBFFI_LIBS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -623,33 +597,32 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 with_trust_paths = @with_trust_paths@
 NULL = 
-CUTEST_CFLAGS = \
-	-I$(top_srcdir)/build/cutest \
+TEST_CFLAGS = \
 	-DSRCDIR=\"$(abs_srcdir)\" \
 	-DBUILDDIR=\"$(abs_builddir)\" \
 	-DP11_KIT_FUTURE_UNSTABLE_API
 
-CUTEST_LIBS = $(top_builddir)/build/libcutest.la
 MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet --trace-children=yes
 LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes
+HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind
 EXTRA_DIST = files
 @WITH_ASN1_TRUE@COMMON = $(top_srcdir)/common
 @WITH_ASN1_TRUE@TOOLS = $(top_srcdir)/tools
 @WITH_ASN1_TRUE@TEST_RUNNER = libtool --mode=execute
-@WITH_ASN1_TRUE@INCLUDES = \
+@WITH_ASN1_TRUE@AM_CPPFLAGS = \
 @WITH_ASN1_TRUE@	-I$(top_srcdir) \
 @WITH_ASN1_TRUE@	-I$(top_srcdir)/p11-kit \
 @WITH_ASN1_TRUE@	-I$(srcdir)/.. \
 @WITH_ASN1_TRUE@	-I$(COMMON) \
 @WITH_ASN1_TRUE@	-DP11_KIT_FUTURE_UNSTABLE_API \
 @WITH_ASN1_TRUE@	$(LIBTASN1_CFLAGS) \
-@WITH_ASN1_TRUE@	$(CUTEST_CFLAGS) \
+@WITH_ASN1_TRUE@	$(TEST_CFLAGS) \
 @WITH_ASN1_TRUE@	$(NULL)
 
 @WITH_ASN1_TRUE@LDADD = \
 @WITH_ASN1_TRUE@	$(top_builddir)/p11-kit/libp11-kit.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-data.la \
-@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-mock.la \
+@WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-test.la \
 @WITH_ASN1_TRUE@	$(top_builddir)/common/libp11-common.la \
 @WITH_ASN1_TRUE@	$(builddir)/libtestcommon.la \
 @WITH_ASN1_TRUE@	$(LIBTASN1_LIBS) \
@@ -661,7 +634,7 @@ EXTRA_DIST = files
 @WITH_ASN1_TRUE@	libtestcommon.la
 
 @WITH_ASN1_TRUE@libtestcommon_la_SOURCES = \
-@WITH_ASN1_TRUE@	test.c test.h
+@WITH_ASN1_TRUE@	test-tools.c test-tools.h
 
 @WITH_ASN1_TRUE@CHECK_PROGS = \
 @WITH_ASN1_TRUE@	test-save \
@@ -748,7 +721,6 @@ clean-noinstLTLIBRARIES:
 	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
-
 libtestcommon.la: $(libtestcommon_la_OBJECTS) $(libtestcommon_la_DEPENDENCIES) $(EXTRA_libtestcommon_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) $(am_libtestcommon_la_rpath) $(libtestcommon_la_OBJECTS) $(libtestcommon_la_LIBADD) $(LIBS)
 
@@ -760,23 +732,18 @@ clean-noinstPROGRAMS:
 	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
 	echo " rm -f" $$list; \
 	rm -f $$list
-
 test-extract$(EXEEXT): $(test_extract_OBJECTS) $(test_extract_DEPENDENCIES) $(EXTRA_test_extract_DEPENDENCIES) 
 	@rm -f test-extract$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_extract_OBJECTS) $(test_extract_LDADD) $(LIBS)
-
 test-openssl$(EXEEXT): $(test_openssl_OBJECTS) $(test_openssl_DEPENDENCIES) $(EXTRA_test_openssl_DEPENDENCIES) 
 	@rm -f test-openssl$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_openssl_OBJECTS) $(test_openssl_LDADD) $(LIBS)
-
 test-pem$(EXEEXT): $(test_pem_OBJECTS) $(test_pem_DEPENDENCIES) $(EXTRA_test_pem_DEPENDENCIES) 
 	@rm -f test-pem$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_pem_OBJECTS) $(test_pem_LDADD) $(LIBS)
-
 test-save$(EXEEXT): $(test_save_OBJECTS) $(test_save_DEPENDENCIES) $(EXTRA_test_save_DEPENDENCIES) 
 	@rm -f test-save$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_save_OBJECTS) $(test_save_LDADD) $(LIBS)
-
 test-x509$(EXEEXT): $(test_x509_OBJECTS) $(test_x509_DEPENDENCIES) $(EXTRA_test_x509_DEPENDENCIES) 
 	@rm -f test-x509$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_x509_OBJECTS) $(test_x509_LDADD) $(LIBS)
@@ -796,8 +763,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-openssl.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-pem.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-save.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-tools.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-x509.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test.Plo@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -957,7 +924,7 @@ distclean-tags:
 	$(MAKE) $(AM_MAKEFLAGS) $<
 
 # Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
+# exand to empty, as could happen e.g. with make check TESTS=''.
 am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
 am--force-recheck:
 	@:
@@ -1302,6 +1269,9 @@ memcheck: all
 leakcheck: all
 	make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS
 
+hellcheck: all
+	make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/tools/tests/test-extract.c b/tools/tests/test-extract.c
index 74e3c9c..9712e81 100644
--- a/tools/tests/test-extract.c
+++ b/tools/tests/test-extract.c
@@ -32,8 +32,11 @@
  * Author: Stef Walter 
  */
 
+#define P11_KIT_DISABLE_DEPRECATED
+
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-tools.h"
 
 #include "attrs.h"
 #include "compat.h"
@@ -45,13 +48,12 @@
 #include "pkcs11.h"
 #include "pkcs11x.h"
 #include "oid.h"
-#include "test.h"
 
 #include 
 #include 
 
 static void
-test_file_name_for_label (CuTest *tc)
+test_file_name_for_label (void)
 {
 	CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
 	p11_extract_info ex;
@@ -62,14 +64,14 @@ test_file_name_for_label (CuTest *tc)
 	ex.attrs = p11_attrs_build (NULL, &label, NULL);
 
 	name = p11_extract_info_filename (&ex);
-	CuAssertStrEquals (tc, "The_Label_", name);
+	assert_str_eq ("The_Label_", name);
 	free (name);
 
 	p11_extract_info_cleanup (&ex);
 }
 
 static void
-test_file_name_for_class (CuTest *tc)
+test_file_name_for_class (void)
 {
 	p11_extract_info ex;
 	char *name;
@@ -79,20 +81,20 @@ test_file_name_for_class (CuTest *tc)
 	ex.klass = CKO_CERTIFICATE;
 
 	name = p11_extract_info_filename (&ex);
-	CuAssertStrEquals (tc, "certificate", name);
+	assert_str_eq ("certificate", name);
 	free (name);
 
 	ex.klass = CKO_DATA;
 
 	name = p11_extract_info_filename (&ex);
-	CuAssertStrEquals (tc, "unknown", name);
+	assert_str_eq ("unknown", name);
 	free (name);
 
 	p11_extract_info_cleanup (&ex);
 }
 
 static void
-test_comment_for_label (CuTest *tc)
+test_comment_for_label (void)
 {
 	CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
 	p11_extract_info ex;
@@ -104,18 +106,18 @@ test_comment_for_label (CuTest *tc)
 	ex.attrs = p11_attrs_build (NULL, &label, NULL);
 
 	comment = p11_extract_info_comment (&ex, true);
-	CuAssertStrEquals (tc, "# The Label!\n", comment);
+	assert_str_eq ("# The Label!\n", comment);
 	free (comment);
 
 	comment = p11_extract_info_comment (&ex, false);
-	CuAssertStrEquals (tc, "\n# The Label!\n", comment);
+	assert_str_eq ("\n# The Label!\n", comment);
 	free (comment);
 
 	p11_extract_info_cleanup (&ex);
 }
 
 static void
-test_comment_not_enabled (CuTest *tc)
+test_comment_not_enabled (void)
 {
 	CK_ATTRIBUTE label = { CKA_LABEL, "The Label!", 10 };
 	p11_extract_info ex;
@@ -126,10 +128,10 @@ test_comment_not_enabled (CuTest *tc)
 	ex.attrs = p11_attrs_build (NULL, &label, NULL);
 
 	comment = p11_extract_info_comment (&ex, true);
-	CuAssertPtrEquals (tc, NULL, comment);
+	assert_ptr_eq (NULL, comment);
 
 	comment = p11_extract_info_comment (&ex, false);
-	CuAssertPtrEquals (tc, NULL, comment);
+	assert_ptr_eq (NULL, comment);
 
 	p11_extract_info_cleanup (&ex);
 }
@@ -141,14 +143,15 @@ struct {
 } test;
 
 static void
-setup (CuTest *tc)
+setup (void *unused)
 {
 	CK_RV rv;
 
+	mock_module_reset ();
 	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
 
-	rv = p11_kit_initialize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	rv = test.module.C_Initialize (NULL);
+	assert_num_eq (CKR_OK, rv);
 
 	test.iter = p11_kit_iter_new (NULL);
 
@@ -156,7 +159,7 @@ setup (CuTest *tc)
 }
 
 static void
-teardown (CuTest *tc)
+teardown (void *unused)
 {
 	CK_RV rv;
 
@@ -164,8 +167,8 @@ teardown (CuTest *tc)
 
 	p11_kit_iter_free (test.iter);
 
-	rv = p11_kit_finalize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	rv = test.module.C_Finalize (NULL);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
@@ -216,15 +219,13 @@ static CK_ATTRIBUTE extension_eku_invalid[] = {
 };
 
 static void
-test_info_simple_certificate (CuTest *tc)
+test_info_simple_certificate (void)
 {
 	void *value;
 	size_t length;
 	CK_RV rv;
 
-	setup (tc);
-
-	CuAssertPtrNotNull (tc, test.ex.asn1_defs);
+	assert_ptr_not_null (test.ex.asn1_defs);
 
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
@@ -234,55 +235,47 @@ test_info_simple_certificate (CuTest *tc)
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	CuAssertIntEquals (tc, CKO_CERTIFICATE, test.ex.klass);
-	CuAssertPtrNotNull (tc, test.ex.attrs);
+	assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
+	assert_ptr_not_null (test.ex.attrs);
 	value = p11_attrs_find_value (test.ex.attrs, CKA_VALUE, &length);
-	CuAssertPtrNotNull (tc, value);
-	CuAssertTrue (tc, memcmp (value, test_cacert3_ca_der, length) == 0);
-	CuAssertPtrNotNull (tc, test.ex.cert_der);
-	CuAssertTrue (tc, memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
-	CuAssertPtrNotNull (tc, test.ex.cert_asn);
+	assert_ptr_not_null (value);
+	assert (memcmp (value, test_cacert3_ca_der, length) == 0);
+	assert_ptr_not_null (test.ex.cert_der);
+	assert (memcmp (test.ex.cert_der, test_cacert3_ca_der, test.ex.cert_len) == 0);
+	assert_ptr_not_null (test.ex.cert_asn);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 static void
-test_info_limit_purposes (CuTest *tc)
+test_info_limit_purposes (void)
 {
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
 
 	/* This should not match the above, with the stapled certificat ext */
-	CuAssertPtrEquals (tc, NULL, test.ex.limit_to_purposes);
+	assert_ptr_eq (NULL, test.ex.limit_to_purposes);
 	p11_extract_info_limit_purpose (&test.ex, "1.1.1");
-	CuAssertPtrNotNull (tc, test.ex.limit_to_purposes);
+	assert_ptr_not_null (test.ex.limit_to_purposes);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 static void
-test_info_invalid_purposes (CuTest *tc)
+test_info_invalid_purposes (void)
 {
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_invalid);
 
@@ -294,20 +287,16 @@ test_info_invalid_purposes (CuTest *tc)
 
 	/* No results due to invalid purpose on certificate */
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
+	assert_num_eq (CKR_CANCEL, rv);
 
 	p11_kit_be_loud ();
-
-	teardown (tc);
 }
 
 static void
-test_info_skip_non_certificate (CuTest *tc)
+test_info_skip_non_certificate (void)
 {
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -316,25 +305,21 @@ test_info_skip_non_certificate (CuTest *tc)
 	p11_message_quiet ();
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	CuAssertIntEquals (tc, CKO_CERTIFICATE, test.ex.klass);
+	assert_num_eq (CKO_CERTIFICATE, test.ex.klass);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
+	assert_num_eq (CKR_CANCEL, rv);
 
 	p11_message_loud ();
-
-	teardown (tc);
 }
 
 static void
-test_limit_to_purpose_match (CuTest *tc)
+test_limit_to_purpose_match (void)
 {
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
 
@@ -345,20 +330,16 @@ test_limit_to_purpose_match (CuTest *tc)
 	p11_message_quiet ();
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	p11_message_loud ();
-
-	teardown (tc);
 }
 
 static void
-test_limit_to_purpose_no_match (CuTest *tc)
+test_limit_to_purpose_no_match (void)
 {
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, extension_eku_server_client);
 
@@ -369,21 +350,17 @@ test_limit_to_purpose_no_match (CuTest *tc)
 	p11_message_quiet ();
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
+	assert_num_eq (CKR_CANCEL, rv);
 
 	p11_message_loud ();
-
-	teardown (tc);
 }
 
 static void
-test_duplicate_extract (CuTest *tc)
+test_duplicate_extract (void)
 {
 	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
@@ -392,25 +369,21 @@ test_duplicate_extract (CuTest *tc)
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 static void
-test_duplicate_collapse (CuTest *tc)
+test_duplicate_collapse (void)
 {
 	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
@@ -420,23 +393,19 @@ test_duplicate_collapse (CuTest *tc)
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 static void
-test_trusted_match (CuTest *tc)
+test_trusted_match (void)
 {
 	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
 	CK_BBOOL boolv;
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
@@ -446,27 +415,23 @@ test_trusted_match (CuTest *tc)
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	if (!p11_attrs_find_bool (test.ex.attrs, CKA_TRUSTED, &boolv))
 		boolv = CK_FALSE;
-	CuAssertIntEquals (tc, CK_TRUE, boolv);
+	assert_num_eq (CK_TRUE, boolv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 static void
-test_distrust_match (CuTest *tc)
+test_distrust_match (void)
 {
 	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
 	CK_BBOOL boolv;
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
@@ -476,26 +441,22 @@ test_distrust_match (CuTest *tc)
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	if (!p11_attrs_find_bool (test.ex.attrs, CKA_X_DISTRUSTED, &boolv))
 		boolv = CK_FALSE;
-	CuAssertIntEquals (tc, CK_TRUE, boolv);
+	assert_num_eq (CK_TRUE, boolv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 static void
-test_anytrust_match (CuTest *tc)
+test_anytrust_match (void)
 {
 	CK_ATTRIBUTE certificate = { CKA_CLASS, &certificate_class, sizeof (certificate_class) };
 	CK_RV rv;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_trusted);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_distrusted);
 
@@ -505,51 +466,38 @@ test_anytrust_match (CuTest *tc)
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_kit_iter_next (test.iter);
-	CuAssertIntEquals (tc, CKR_CANCEL, rv);
-
-	teardown (tc);
+	assert_num_eq (CKR_CANCEL, rv);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	mock_module_init ();
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_file_name_for_label);
-	SUITE_ADD_TEST (suite, test_file_name_for_class);
-	SUITE_ADD_TEST (suite, test_comment_for_label);
-	SUITE_ADD_TEST (suite, test_comment_not_enabled);
-	SUITE_ADD_TEST (suite, test_info_simple_certificate);
-	SUITE_ADD_TEST (suite, test_info_limit_purposes);
-	SUITE_ADD_TEST (suite, test_info_invalid_purposes);
-	SUITE_ADD_TEST (suite, test_info_skip_non_certificate);
-	SUITE_ADD_TEST (suite, test_limit_to_purpose_match);
-	SUITE_ADD_TEST (suite, test_limit_to_purpose_no_match);
-	SUITE_ADD_TEST (suite, test_duplicate_extract);
-	SUITE_ADD_TEST (suite, test_duplicate_collapse);
-	SUITE_ADD_TEST (suite, test_trusted_match);
-	SUITE_ADD_TEST (suite, test_distrust_match);
-	SUITE_ADD_TEST (suite, test_anytrust_match);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+
+	p11_test (test_file_name_for_label, "/extract/test_file_name_for_label");
+	p11_test (test_file_name_for_class, "/extract/test_file_name_for_class");
+	p11_test (test_comment_for_label, "/extract/test_comment_for_label");
+	p11_test (test_comment_not_enabled, "/extract/test_comment_not_enabled");
+
+	p11_fixture (setup, teardown);
+	p11_test (test_info_simple_certificate, "/extract/test_info_simple_certificate");
+	p11_test (test_info_limit_purposes, "/extract/test_info_limit_purposes");
+	p11_test (test_info_invalid_purposes, "/extract/test_info_invalid_purposes");
+	p11_test (test_info_skip_non_certificate, "/extract/test_info_skip_non_certificate");
+	p11_test (test_limit_to_purpose_match, "/extract/test_limit_to_purpose_match");
+	p11_test (test_limit_to_purpose_no_match, "/extract/test_limit_to_purpose_no_match");
+	p11_test (test_duplicate_extract, "/extract/test_duplicate_extract");
+	p11_test (test_duplicate_collapse, "/extract/test_duplicate_collapse");
+	p11_test (test_trusted_match, "/extract/test_trusted_match");
+	p11_test (test_distrust_match, "/extract/test_distrust_match");
+	p11_test (test_anytrust_match, "/extract/test_anytrust_match");
+
+	return p11_test_run (argc, argv);
 }
diff --git a/tools/tests/test-openssl.c b/tools/tests/test-openssl.c
index 215e0da..d393072 100644
--- a/tools/tests/test-openssl.c
+++ b/tools/tests/test-openssl.c
@@ -32,8 +32,11 @@
  * Author: Stef Walter 
  */
 
+#define P11_KIT_DISABLE_DEPRECATED
+
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-tools.h"
 
 #include "attrs.h"
 #include "buffer.h"
@@ -47,9 +50,9 @@
 #include "pkcs11.h"
 #include "pkcs11x.h"
 #include "oid.h"
-#include "test.h"
 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -65,15 +68,14 @@ struct {
 } test;
 
 static void
-setup (CuTest *tc)
+setup (void *unused)
 {
 	CK_RV rv;
 
+	mock_module_reset ();
 	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-	rv = p11_kit_initialize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
-
-	mock_module_reset_objects (MOCK_SLOT_ONE_ID);
+	rv = test.module.C_Initialize (NULL);
+	assert_num_eq (CKR_OK, rv);
 
 	test.iter = p11_kit_iter_new (NULL);
 
@@ -85,7 +87,7 @@ setup (CuTest *tc)
 }
 
 static void
-teardown (CuTest *tc)
+teardown (void *unused)
 {
 	CK_RV rv;
 
@@ -96,8 +98,8 @@ teardown (CuTest *tc)
 	p11_extract_info_cleanup (&test.ex);
 	p11_kit_iter_free (test.iter);
 
-	rv = p11_kit_finalize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	rv = test.module.C_Finalize (NULL);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
@@ -161,12 +163,10 @@ setup_objects (const CK_ATTRIBUTE *attrs,
 }
 
 static void
-test_file (CuTest *tc)
+test_file (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	setup_objects (cacert3_authority_attrs,
 	               extension_eku_server,
 	               extension_reject_email,
@@ -180,21 +180,19 @@ test_file (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem",
+	test_check_file (test.directory, "extract.pem",
 	                 SRCDIR "/files/cacert3-trusted-server-alias.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_plain (CuTest *tc)
+test_plain (void)
 {
 	bool ret;
 
-	setup (tc);
 	setup_objects (cacert3_authority_attrs, NULL);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -205,17 +203,16 @@ test_plain (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem",
+	test_check_file (test.directory, "extract.pem",
 	                 SRCDIR "/files/cacert3-trusted-alias.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_keyid (CuTest *tc)
+test_keyid (void)
 {
 	bool ret;
 
@@ -237,7 +234,6 @@ test_keyid (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	setup (tc);
 	setup_objects (cacert3_plain, extension_subject_key_identifier, NULL);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -248,17 +244,16 @@ test_keyid (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem",
+	test_check_file (test.directory, "extract.pem",
 	                 SRCDIR "/files/cacert3-trusted-keyid.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_not_authority (CuTest *tc)
+test_not_authority (void)
 {
 	bool ret;
 
@@ -270,7 +265,6 @@ test_not_authority (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	setup (tc);
 	setup_objects (cacert3_not_trusted, NULL);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -281,17 +275,16 @@ test_not_authority (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem",
+	test_check_file (test.directory, "extract.pem",
 	                 SRCDIR "/files/cacert3-not-trusted.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_distrust_all (CuTest *tc)
+test_distrust_all (void)
 {
 	bool ret;
 
@@ -304,8 +297,6 @@ test_distrust_all (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	setup (tc);
-
 	setup_objects (cacert3_blacklist, NULL);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -316,22 +307,19 @@ test_distrust_all (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem",
+	test_check_file (test.directory, "extract.pem",
 	                 SRCDIR "/files/cacert3-distrust-all.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_file_multiple (CuTest *tc)
+test_file_multiple (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	setup_objects (cacert3_authority_attrs,
 	               extension_eku_server,
 	               extension_reject_email,
@@ -348,22 +336,19 @@ test_file_multiple (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem",
+	test_check_file (test.directory, "extract.pem",
 	                 SRCDIR "/files/cacert3-trusted-multiple.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_file_without (CuTest *tc)
+test_file_without (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
@@ -372,19 +357,18 @@ test_file_without (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_openssl_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_data (tc, test.directory, "extract.pem", "", 0);
+	test_check_data (test.directory, "extract.pem", "", 0);
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 /* From extract-openssl.c */
 void p11_openssl_canon_string (char *str, size_t *len);
 
 static void
-test_canon_string (CuTest *tc)
+test_canon_string (void)
 {
 	struct {
 		char *input;
@@ -417,8 +401,8 @@ test_canon_string (CuTest *tc)
 			out = strlen (fixtures[i].output);
 		else
 			out = fixtures[i].output_len;
-		CuAssertIntEquals (tc, out, len);
-		CuAssertStrEquals (tc, fixtures[i].output, str);
+		assert_num_eq (out, len);
+		assert_str_eq (fixtures[i].output, str);
 
 		free (str);
 	}
@@ -427,7 +411,7 @@ test_canon_string (CuTest *tc)
 bool   p11_openssl_canon_string_der  (p11_buffer *der);
 
 static void
-test_canon_string_der (CuTest *tc)
+test_canon_string_der (void)
 {
 	struct {
 		unsigned char input[100];
@@ -486,10 +470,10 @@ test_canon_string_der (CuTest *tc)
 		                      fixtures[i].input_len, 0, realloc, free);
 
 		ret = p11_openssl_canon_string_der (&buf);
-		CuAssertIntEquals (tc, true, ret);
+		assert_num_eq (true, ret);
 
-		CuAssertIntEquals (tc, fixtures[i].output_len, buf.len);
-		CuAssertTrue (tc, memcmp (buf.data, fixtures[i].output, buf.len) == 0);
+		assert_num_eq (fixtures[i].output_len, buf.len);
+		assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
 
 		p11_buffer_uninit (&buf);
 	}
@@ -499,7 +483,7 @@ bool   p11_openssl_canon_name_der     (p11_dict *asn1_defs,
                                        p11_buffer *der);
 
 static void
-test_canon_name_der (CuTest *tc)
+test_canon_name_der (void)
 {
 	struct {
 		unsigned char input[100];
@@ -541,10 +525,10 @@ test_canon_name_der (CuTest *tc)
 		                      fixtures[i].input_len, 0, realloc, free);
 
 		ret = p11_openssl_canon_name_der (asn1_defs, &buf);
-		CuAssertIntEquals (tc, true, ret);
+		assert_num_eq (true, ret);
 
-		CuAssertIntEquals (tc, fixtures[i].output_len, buf.len);
-		CuAssertTrue (tc, memcmp (buf.data, fixtures[i].output, buf.len) == 0);
+		assert_num_eq (fixtures[i].output_len, buf.len);
+		assert (memcmp (buf.data, fixtures[i].output, buf.len) == 0);
 
 		p11_buffer_uninit (&buf);
 	}
@@ -553,7 +537,7 @@ test_canon_name_der (CuTest *tc)
 }
 
 static void
-test_canon_string_der_fail (CuTest *tc)
+test_canon_string_der_fail (void)
 {
 	struct {
 		unsigned char input[100];
@@ -573,19 +557,17 @@ test_canon_string_der_fail (CuTest *tc)
 		                      fixtures[i].input_len, 0, realloc, free);
 
 		ret = p11_openssl_canon_string_der (&buf);
-		CuAssertIntEquals (tc, false, ret);
+		assert_num_eq (false, ret);
 
 		p11_buffer_uninit (&buf);
 	}
 }
 
 static void
-test_directory (CuTest *tc)
+test_directory (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	setup_objects (cacert3_authority_attrs,
 	               extension_eku_server,
 	               extension_reject_email,
@@ -604,33 +586,30 @@ test_directory (CuTest *tc)
 	test.ex.destination = test.directory;
 
 	ret = p11_extract_openssl_directory (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, test.directory, ("Custom_Label.pem", "Custom_Label.1.pem",
+	test_check_directory (test.directory, ("Custom_Label.pem", "Custom_Label.1.pem",
 #ifdef OS_UNIX
 	                                           "e5662767.1", "e5662767.0", "590d426f.1", "590d426f.0",
 #endif
 	                                           NULL));
-	test_check_file (tc, test.directory, "Custom_Label.pem",
+	test_check_file (test.directory, "Custom_Label.pem",
 	                 SRCDIR "/files/cacert3-trusted-server-alias.pem");
-	test_check_file (tc, test.directory, "Custom_Label.1.pem",
+	test_check_file (test.directory, "Custom_Label.1.pem",
 	                 SRCDIR "/files/cacert3-trusted-alias.pem");
 #ifdef OS_UNIX
-	test_check_symlink (tc, test.directory, "e5662767.0", "Custom_Label.pem");
-	test_check_symlink (tc, test.directory, "e5662767.1", "Custom_Label.1.pem");
-	test_check_symlink (tc, test.directory, "590d426f.0", "Custom_Label.pem");
-	test_check_symlink (tc, test.directory, "590d426f.1", "Custom_Label.1.pem");
+	test_check_symlink (test.directory, "e5662767.0", "Custom_Label.pem");
+	test_check_symlink (test.directory, "e5662767.1", "Custom_Label.1.pem");
+	test_check_symlink (test.directory, "590d426f.0", "Custom_Label.pem");
+	test_check_symlink (test.directory, "590d426f.1", "Custom_Label.1.pem");
 #endif
-	teardown (tc);
 }
 
 static void
-test_directory_empty (CuTest *tc)
+test_directory_empty (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
@@ -641,47 +620,35 @@ test_directory_empty (CuTest *tc)
 	test.ex.destination = test.directory;
 
 	ret = p11_extract_openssl_directory (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, test.directory, (NULL, NULL));
-
-	teardown (tc);
+	test_check_directory (test.directory, (NULL, NULL));
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	mock_module_init ();
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_file);
-	SUITE_ADD_TEST (suite, test_plain);
-	SUITE_ADD_TEST (suite, test_keyid);
-	SUITE_ADD_TEST (suite, test_not_authority);
-	SUITE_ADD_TEST (suite, test_distrust_all);
-	SUITE_ADD_TEST (suite, test_file_multiple);
-	SUITE_ADD_TEST (suite, test_file_without);
-
-	SUITE_ADD_TEST (suite, test_canon_string);
-	SUITE_ADD_TEST (suite, test_canon_string_der);
-	SUITE_ADD_TEST (suite, test_canon_string_der_fail);
-	SUITE_ADD_TEST (suite, test_canon_name_der);
-
-	SUITE_ADD_TEST (suite, test_directory);
-	SUITE_ADD_TEST (suite, test_directory_empty);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+
+	p11_fixture (setup, teardown);
+	p11_test (test_file, "/openssl/test_file");
+	p11_test (test_plain, "/openssl/test_plain");
+	p11_test (test_keyid, "/openssl/test_keyid");
+	p11_test (test_not_authority, "/openssl/test_not_authority");
+	p11_test (test_distrust_all, "/openssl/test_distrust_all");
+	p11_test (test_file_multiple, "/openssl/test_file_multiple");
+	p11_test (test_file_without, "/openssl/test_file_without");
+
+	p11_fixture (NULL, NULL);
+	p11_test (test_canon_string, "/openssl/test_canon_string");
+	p11_test (test_canon_string_der, "/openssl/test_canon_string_der");
+	p11_test (test_canon_string_der_fail, "/openssl/test_canon_string_der_fail");
+	p11_test (test_canon_name_der, "/openssl/test_canon_name_der");
+
+	p11_fixture (setup, teardown);
+	p11_test (test_directory, "/openssl/test_directory");
+	p11_test (test_directory_empty, "/openssl/test_directory_empty");
+
+	return p11_test_run (argc, argv);
 }
diff --git a/tools/tests/test-pem.c b/tools/tests/test-pem.c
index dc1cb08..c74d0df 100644
--- a/tools/tests/test-pem.c
+++ b/tools/tests/test-pem.c
@@ -32,8 +32,11 @@
  * Author: Stef Walter 
  */
 
+#define P11_KIT_DISABLE_DEPRECATED
+
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-tools.h"
 
 #include "attrs.h"
 #include "compat.h"
@@ -46,7 +49,6 @@
 #include "pkcs11.h"
 #include "pkcs11x.h"
 #include "oid.h"
-#include "test.h"
 
 #include 
 #include 
@@ -62,15 +64,14 @@ struct {
 } test;
 
 static void
-setup (CuTest *tc)
+setup (void *unused)
 {
 	CK_RV rv;
 
+	mock_module_reset ();
 	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-	rv = p11_kit_initialize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
-
-	mock_module_reset_objects (MOCK_SLOT_ONE_ID);
+	rv = test.module.C_Initialize (NULL);
+	assert_num_eq (CKR_OK, rv);
 
 	test.iter = p11_kit_iter_new (NULL);
 
@@ -82,7 +83,7 @@ setup (CuTest *tc)
 }
 
 static void
-teardown (CuTest *tc)
+teardown (void *unused)
 {
 	CK_RV rv;
 
@@ -93,8 +94,8 @@ teardown (CuTest *tc)
 	p11_extract_info_cleanup (&test.ex);
 	p11_kit_iter_free (test.iter);
 
-	rv = p11_kit_finalize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	rv = test.module.C_Finalize (NULL);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
@@ -116,12 +117,10 @@ static CK_ATTRIBUTE certificate_filter[] = {
 };
 
 static void
-test_file (CuTest *tc)
+test_file (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -132,21 +131,18 @@ test_file (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_pem_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem", SRCDIR "/files/cacert3.pem");
+	test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_file_multiple (CuTest *tc)
+test_file_multiple (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 
@@ -158,21 +154,18 @@ test_file_multiple (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_pem_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem");
+	test_check_file (test.directory, "extract.pem", SRCDIR "/files/cacert3-twice.pem");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_file_without (CuTest *tc)
+test_file_without (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
@@ -181,21 +174,18 @@ test_file_without (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_pem_bundle (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_data (tc, test.directory, "extract.pem", "", 0);
+	test_check_data (test.directory, "extract.pem", "", 0);
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_directory (CuTest *tc)
+test_directory (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 
@@ -209,22 +199,18 @@ test_directory (CuTest *tc)
 	test.ex.destination = test.directory;
 
 	ret = p11_extract_pem_directory (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
-
-	test_check_directory (tc, test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL));
-	test_check_file (tc, test.directory, "Cacert3_Here.pem", SRCDIR "/files/cacert3.pem");
-	test_check_file (tc, test.directory, "Cacert3_Here.1.pem", SRCDIR "/files/cacert3.pem");
+	assert_num_eq (true, ret);
 
-	teardown (tc);
+	test_check_directory (test.directory, ("Cacert3_Here.pem", "Cacert3_Here.1.pem", NULL));
+	test_check_file (test.directory, "Cacert3_Here.pem", SRCDIR "/files/cacert3.pem");
+	test_check_file (test.directory, "Cacert3_Here.1.pem", SRCDIR "/files/cacert3.pem");
 }
 
 static void
-test_directory_empty (CuTest *tc)
+test_directory_empty (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
@@ -235,37 +221,22 @@ test_directory_empty (CuTest *tc)
 	test.ex.destination = test.directory;
 
 	ret = p11_extract_pem_directory (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, test.directory, (NULL, NULL));
-
-	teardown (tc);
+	test_check_directory (test.directory, (NULL, NULL));
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	mock_module_init ();
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_file);
-	SUITE_ADD_TEST (suite, test_file_multiple);
-	SUITE_ADD_TEST (suite, test_file_without);
-	SUITE_ADD_TEST (suite, test_directory);
-	SUITE_ADD_TEST (suite, test_directory_empty);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+
+	p11_fixture (setup, teardown);
+	p11_test (test_file, "/pem/test_file");
+	p11_test (test_file_multiple, "/pem/test_file_multiple");
+	p11_test (test_file_without, "/pem/test_file_without");
+	p11_test (test_directory, "/pem/test_directory");
+	p11_test (test_directory_empty, "/pem/test_directory_empty");
+	return p11_test_run (argc, argv);
 }
diff --git a/tools/tests/test-save.c b/tools/tests/test-save.c
index b739c21..93af4f9 100644
--- a/tools/tests/test-save.c
+++ b/tools/tests/test-save.c
@@ -33,7 +33,8 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-tools.h"
 
 #include "attrs.h"
 #include "compat.h"
@@ -42,7 +43,6 @@
 #include "message.h"
 #include "path.h"
 #include "save.h"
-#include "test.h"
 
 #include 
 #include 
@@ -61,24 +61,23 @@ struct {
 } test;
 
 static void
-setup (CuTest *tc)
+setup (void *unused)
 {
 	test.directory = p11_path_expand ("$TEMP/test-extract.XXXXXX");
 	if (!mkdtemp (test.directory))
-		CuFail (tc, "mkdtemp() failed");
+		assert_fail ("mkdtemp() failed", strerror (errno));
 }
 
 static void
-teardown (CuTest *tc)
+teardown (void *unused)
 {
 	if (rmdir (test.directory) < 0)
-		CuFail (tc, strerror (errno));
+		assert_fail ("rmdir() failed", strerror (errno));
 	free (test.directory);
 }
 
 static void
-write_zero_file (CuTest *tc,
-                 const char *directory,
+write_zero_file (const char *directory,
                  const char *name)
 {
 	char *filename;
@@ -86,409 +85,365 @@ write_zero_file (CuTest *tc,
 	int fd;
 
 	if (asprintf (&filename, "%s/%s", directory, name) < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	fd = open (filename, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
-	CuAssertTrue (tc, fd != -1);
+	assert (fd != -1);
 	res = close (fd);
-	CuAssertTrue (tc, res >= 0);
+	assert (res >= 0);
 
 	free (filename);
 }
 
 static void
-test_file_write (CuTest *tc)
+test_file_write (void)
 {
 	p11_save_file *file;
 	char *filename;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	file = p11_save_open_file (filename, 0);
-	CuAssertPtrNotNull (tc, file);
+	assert_ptr_not_null (file);
 
 	ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 	free (filename);
 
-	test_check_file (tc, test.directory, "extract-file", SRCDIR "/files/cacert3.der");
-
-	teardown (tc);
+	test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der");
 }
 
 static void
-test_file_exists (CuTest *tc)
+test_file_exists (void)
 {
 	p11_save_file *file;
 	char *filename;
 
-	setup (tc);
-
 	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
-	write_zero_file (tc, test.directory, "extract-file");
+	write_zero_file (test.directory, "extract-file");
 
 	p11_message_quiet ();
 
 	file = p11_save_open_file (filename, 0);
-	CuAssertTrue (tc, file == NULL);
+	assert (file == NULL);
 
 	p11_message_loud ();
 
 	unlink (filename);
 	free (filename);
-	teardown (tc);
 }
 
 static void
-test_file_bad_directory (CuTest *tc)
+test_file_bad_directory (void)
 {
 	p11_save_file *file;
 	char *filename;
 
-	setup (tc);
-
 	if (asprintf (&filename, "/non-existent/%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	p11_message_quiet ();
 
 	file = p11_save_open_file (filename, 0);
-	CuAssertTrue (tc, file == NULL);
+	assert (file == NULL);
 
 	p11_message_loud ();
 
 	free (filename);
-	teardown (tc);
 }
 
 static void
-test_file_overwrite (CuTest *tc)
+test_file_overwrite (void)
 {
 	p11_save_file *file;
 	char *filename;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
-	write_zero_file (tc, test.directory, "extract-file");
+	write_zero_file (test.directory, "extract-file");
 
 	file = p11_save_open_file (filename, P11_SAVE_OVERWRITE);
-	CuAssertPtrNotNull (tc, file);
+	assert_ptr_not_null (file);
 
 	ret = p11_save_write_and_finish (file, test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 	free (filename);
 
-	test_check_file (tc, test.directory, "extract-file", SRCDIR "/files/cacert3.der");
-
-	teardown (tc);
+	test_check_file (test.directory, "extract-file", SRCDIR "/files/cacert3.der");
 }
 
 static void
-test_file_auto_empty (CuTest *tc)
+test_file_auto_empty (void)
 {
 	p11_save_file *file;
 	char *filename;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	file = p11_save_open_file (filename, 0);
-	CuAssertPtrNotNull (tc, file);
+	assert_ptr_not_null (file);
 
 	ret = p11_save_write_and_finish (file, NULL, -1);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 	free (filename);
 
-	test_check_file (tc, test.directory, "extract-file", SRCDIR "/files/empty-file");
-
-	teardown (tc);
+	test_check_file (test.directory, "extract-file", SRCDIR "/files/empty-file");
 }
 
 static void
-test_file_auto_length (CuTest *tc)
+test_file_auto_length (void)
 {
 	p11_save_file *file;
 	char *filename;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	file = p11_save_open_file (filename, 0);
-	CuAssertPtrNotNull (tc, file);
+	assert_ptr_not_null (file);
 
 	ret = p11_save_write_and_finish (file, "The simple string is hairy", -1);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 	free (filename);
 
-	test_check_file (tc, test.directory, "extract-file", SRCDIR "/files/simple-string");
-
-	teardown (tc);
+	test_check_file (test.directory, "extract-file", SRCDIR "/files/simple-string");
 }
 
 static void
-test_write_with_null (CuTest *tc)
+test_write_with_null (void)
 {
 	bool ret;
 
 	ret = p11_save_write (NULL, "test", 4);
-	CuAssertIntEquals (tc, false, ret);
+	assert_num_eq (false, ret);
 }
 
 static void
-test_write_and_finish_with_null (CuTest *tc)
+test_write_and_finish_with_null (void)
 {
 	bool ret;
 
 	ret = p11_save_write_and_finish (NULL, "test", 4);
-	CuAssertIntEquals (tc, false, ret);
+	assert_num_eq (false, ret);
 }
 
 static void
-test_file_abort (CuTest *tc)
+test_file_abort (void)
 {
 	struct stat st;
 	p11_save_file *file;
 	char *filename;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&filename, "%s/%s", test.directory, "extract-file") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	file = p11_save_open_file (filename, 0);
-	CuAssertPtrNotNull (tc, file);
+	assert_ptr_not_null (file);
 
 	ret = p11_save_finish_file (file, false);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 	if (stat (filename, &st) >= 0 || errno != ENOENT)
-		CuFail (tc, "file should not exist");
+		assert_fail ("file should not exist", filename);
 
 	free (filename);
-
-	teardown (tc);
 }
 
 
 static void
-test_directory_empty (CuTest *tc)
+test_directory_empty (void)
 {
 	p11_save_dir *dir;
 	char *subdir;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	dir = p11_save_open_directory (subdir, 0);
-	CuAssertPtrNotNull (tc, dir);
+	assert_ptr_not_null (dir);
 
 	ret = p11_save_finish_directory (dir, true);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, subdir, (NULL, NULL));
+	test_check_directory (subdir, (NULL, NULL));
 
-	CuAssertTrue (tc, rmdir (subdir) >= 0);
+	assert (rmdir (subdir) >= 0);
 	free (subdir);
-
-	teardown (tc);
 }
 
 static void
-test_directory_files (CuTest *tc)
+test_directory_files (void)
 {
 	const char *filename;
 	p11_save_dir *dir;
 	char *subdir;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	dir = p11_save_open_directory (subdir, 0);
-	CuAssertPtrNotNull (tc, dir);
+	assert_ptr_not_null (dir);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "blah", ".cer", &filename),
 	                                 test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "blah.cer", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("blah.cer", filename);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename),
 	                                 test_text, strlen (test_text));
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "file.txt", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("file.txt", filename);
 
 #ifdef OS_UNIX
 	ret = p11_save_symlink_in (dir, "link", ".ext", "/the/destination");
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 #endif
 
 	ret = p11_save_finish_directory (dir, true);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, subdir, ("blah.cer", "file.txt",
+	test_check_directory (subdir, ("blah.cer", "file.txt",
 #ifdef OS_UNIX
 	                      "link.ext",
 #endif
 	                      NULL));
-	test_check_file (tc, subdir, "blah.cer", SRCDIR "/files/cacert3.der");
-	test_check_data (tc, subdir, "file.txt", test_text, strlen (test_text));
+	test_check_file (subdir, "blah.cer", SRCDIR "/files/cacert3.der");
+	test_check_data (subdir, "file.txt", test_text, strlen (test_text));
 #ifdef OS_UNIX
-	test_check_symlink (tc, subdir, "link.ext", "/the/destination");
+	test_check_symlink (subdir, "link.ext", "/the/destination");
 #endif
 
-	CuAssertTrue (tc, rmdir (subdir) >= 0);
+	assert (rmdir (subdir) >= 0);
 	free (subdir);
-
-	teardown (tc);
 }
 
 static void
-test_directory_dups (CuTest *tc)
+test_directory_dups (void)
 {
 	const char *filename;
 	p11_save_dir *dir;
 	char *subdir;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	dir = p11_save_open_directory (subdir, 0);
-	CuAssertPtrNotNull (tc, dir);
+	assert_ptr_not_null (dir);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename),
 	                                 test_text, 5);
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "file.txt", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("file.txt", filename);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename),
 	                                 test_text, 10);
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "file.1.txt", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("file.1.txt", filename);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", NULL),
 	                                 test_text, 15);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL, NULL),
 	                                 test_text, 8);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "no-ext", NULL, NULL),
 	                                 test_text, 16);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0", NULL),
 	                                 test_text, 14);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "with-num", ".0", NULL),
 	                                 test_text, 15);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 #ifdef OS_UNIX
 	ret = p11_save_symlink_in (dir, "link", ".0", "/destination1");
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
 	ret = p11_save_symlink_in (dir, "link", ".0", "/destination2");
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 #endif
 
 	ret = p11_save_finish_directory (dir, true);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, subdir, ("file.txt", "file.1.txt", "file.2.txt",
+	test_check_directory (subdir, ("file.txt", "file.1.txt", "file.2.txt",
 	                                   "no-ext", "no-ext.1",
 	                                   "with-num.0", "with-num.1",
 #ifdef OS_UNIX
 	                                   "link.0", "link.1",
 #endif
 	                                   NULL));
-	test_check_data (tc, subdir, "file.txt", test_text, 5);
-	test_check_data (tc, subdir, "file.1.txt", test_text, 10);
-	test_check_data (tc, subdir, "file.2.txt", test_text, 15);
-	test_check_data (tc, subdir, "no-ext", test_text, 8);
-	test_check_data (tc, subdir, "no-ext.1", test_text, 16);
-	test_check_data (tc, subdir, "with-num.0", test_text, 14);
-	test_check_data (tc, subdir, "with-num.1", test_text, 15);
+	test_check_data (subdir, "file.txt", test_text, 5);
+	test_check_data (subdir, "file.1.txt", test_text, 10);
+	test_check_data (subdir, "file.2.txt", test_text, 15);
+	test_check_data (subdir, "no-ext", test_text, 8);
+	test_check_data (subdir, "no-ext.1", test_text, 16);
+	test_check_data (subdir, "with-num.0", test_text, 14);
+	test_check_data (subdir, "with-num.1", test_text, 15);
 #ifdef OS_UNIX
-	test_check_symlink (tc, subdir, "link.0", "/destination1");
-	test_check_symlink (tc, subdir, "link.1", "/destination2");
+	test_check_symlink (subdir, "link.0", "/destination1");
+	test_check_symlink (subdir, "link.1", "/destination2");
 #endif
 
-	CuAssertTrue (tc, rmdir (subdir) >= 0);
+	assert (rmdir (subdir) >= 0);
 	free (subdir);
-
-	teardown (tc);
 }
 
 static void
-test_directory_exists (CuTest *tc)
+test_directory_exists (void)
 {
 	p11_save_dir *dir;
 	char *subdir;
 
-	setup (tc);
-
 	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 #ifdef OS_UNIX
 	if (mkdir (subdir, S_IRWXU) < 0)
 #else
 	if (mkdir (subdir) < 0)
 #endif
-		CuFail (tc, "mkdir() failed");
+		assert_fail ("mkdir() failed", subdir);
 
 	p11_message_quiet ();
 
 	dir = p11_save_open_directory (subdir, 0);
-	CuAssertPtrEquals (tc, NULL, dir);
+	assert_ptr_eq (NULL, dir);
 
 	p11_message_loud ();
 
 	rmdir (subdir);
 	free (subdir);
-
-	teardown (tc);
 }
 
 static void
-test_directory_overwrite (CuTest *tc)
+test_directory_overwrite (void)
 {
 	const char *filename;
 	p11_save_dir *dir;
 	char *subdir;
 	bool ret;
 
-	setup (tc);
-
 	if (asprintf (&subdir, "%s/%s", test.directory, "extract-dir") < 0)
-		CuFail (tc, "asprintf() failed");
+		assert_not_reached ();
 
 	/* Some initial files into this directory, which get overwritten */
 	dir = p11_save_open_directory (subdir, 0);
@@ -496,74 +451,62 @@ test_directory_overwrite (CuTest *tc)
 	      p11_save_write_and_finish (p11_save_open_file_in (dir, "another-file", NULL, NULL), "", 0) &&
 	      p11_save_write_and_finish (p11_save_open_file_in (dir, "third-file", NULL, NULL), "", 0) &&
 	      p11_save_finish_directory (dir, true);
-	CuAssertTrue (tc, ret && dir);
+	assert (ret && dir);
 
 	/* Now the actual test, using the same directory */
 	dir = p11_save_open_directory (subdir, P11_SAVE_OVERWRITE);
-	CuAssertPtrNotNull (tc, dir);
+	assert_ptr_not_null (dir);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "blah", ".cer", &filename),
 	                                 test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "blah.cer", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("blah.cer", filename);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename),
 	                                 test_text, strlen (test_text));
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "file.txt", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("file.txt", filename);
 
 	ret = p11_save_write_and_finish (p11_save_open_file_in (dir, "file", ".txt", &filename),
 	                                 test_text, 10);
-	CuAssertIntEquals (tc, true, ret);
-	CuAssertStrEquals (tc, "file.1.txt", filename);
+	assert_num_eq (true, ret);
+	assert_str_eq ("file.1.txt", filename);
 
 	ret = p11_save_finish_directory (dir, true);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, subdir, ("blah.cer", "file.txt", "file.1.txt", NULL));
-	test_check_data (tc, subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
-	test_check_data (tc, subdir, "file.txt", test_text, strlen (test_text));
-	test_check_data (tc, subdir, "file.1.txt", test_text, 10);
+	test_check_directory (subdir, ("blah.cer", "file.txt", "file.1.txt", NULL));
+	test_check_data (subdir, "blah.cer", test_cacert3_ca_der, sizeof (test_cacert3_ca_der));
+	test_check_data (subdir, "file.txt", test_text, strlen (test_text));
+	test_check_data (subdir, "file.1.txt", test_text, 10);
 
-	CuAssertTrue (tc, rmdir (subdir) >= 0);
+	assert (rmdir (subdir) >= 0);
 	free (subdir);
-
-	teardown (tc);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_file_write);
-	SUITE_ADD_TEST (suite, test_file_exists);
-	SUITE_ADD_TEST (suite, test_file_bad_directory);
-	SUITE_ADD_TEST (suite, test_file_overwrite);
-	SUITE_ADD_TEST (suite, test_file_auto_empty);
-	SUITE_ADD_TEST (suite, test_file_auto_length);
-	SUITE_ADD_TEST (suite, test_write_with_null);
-	SUITE_ADD_TEST (suite, test_write_and_finish_with_null);
-	SUITE_ADD_TEST (suite, test_file_abort);
-
-	SUITE_ADD_TEST (suite, test_directory_empty);
-	SUITE_ADD_TEST (suite, test_directory_files);
-	SUITE_ADD_TEST (suite, test_directory_dups);
-	SUITE_ADD_TEST (suite, test_directory_exists);
-	SUITE_ADD_TEST (suite, test_directory_overwrite);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_fixture (setup, teardown);
+	p11_test (test_file_write, "/save/test_file_write");
+	p11_test (test_file_exists, "/save/test_file_exists");
+	p11_test (test_file_bad_directory, "/save/test_file_bad_directory");
+	p11_test (test_file_overwrite, "/save/test_file_overwrite");
+	p11_test (test_file_auto_empty, "/save/test_file_auto_empty");
+	p11_test (test_file_auto_length, "/save/test_file_auto_length");
+
+	p11_fixture (NULL, NULL);
+	p11_test (test_write_with_null, "/save/test_write_with_null");
+	p11_test (test_write_and_finish_with_null, "/save/test_write_and_finish_with_null");
+
+	p11_fixture (setup, teardown);
+	p11_test (test_file_abort, "/save/test_file_abort");
+
+	p11_test (test_directory_empty, "/save/test_directory_empty");
+	p11_test (test_directory_files, "/save/test_directory_files");
+	p11_test (test_directory_dups, "/save/test_directory_dups");
+	p11_test (test_directory_exists, "/save/test_directory_exists");
+	p11_test (test_directory_overwrite, "/save/test_directory_overwrite");
+	return p11_test_run (argc, argv);
 }
diff --git a/tools/tests/test.c b/tools/tests/test-tools.c
similarity index 69%
rename from tools/tests/test.c
rename to tools/tests/test-tools.c
index 4ba2162..0c8b624 100644
--- a/tools/tests/test.c
+++ b/tools/tests/test-tools.c
@@ -33,24 +33,27 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include "debug.h"
-#include "test.h"
+#include "test-tools.h"
 
 #include 
 
 #include 
 #include 
+#include 
 #include 
+#include 
 #include 
+#include 
 #include 
 #include 
 
 static char *
-read_file (CuTest *tc,
-           const char *file,
+read_file (const char *file,
            int line,
+           const char *function,
            const char *filename,
            long *len)
 {
@@ -60,11 +63,11 @@ read_file (CuTest *tc,
 
 	f = fopen (filename, "rb");
 	if (f == NULL)
-		CuFail_Line (tc, file, line, "Couldn't open file", filename);
+		p11_test_fail (file, line, function, "Couldn't open file: %s", filename);
 
 	/* Figure out size */
 	if (stat (filename, &sb) < 0)
-		CuFail_Line (tc, file, line, "Couldn't stat file", filename);
+		p11_test_fail (file, line, function, "Couldn't stat file: %s", filename);
 
 	*len = sb.st_size;
 	data = malloc (*len ? *len : 1);
@@ -72,7 +75,7 @@ read_file (CuTest *tc,
 
 	/* And read in one block */
 	if (fread (data, 1, *len, f) != *len)
-		CuFail_Line (tc, file, line, "Couldn't read file", filename);
+		p11_test_fail (file, line, function, "Couldn't read file: %s", filename);
 
 	fclose (f);
 
@@ -80,9 +83,9 @@ read_file (CuTest *tc,
 }
 
 void
-test_check_file_msg (CuTest *tc,
-                     const char *file,
+test_check_file_msg (const char *file,
                      int line,
+                     const char *function,
                      const char *directory,
                      const char *name,
                      const char *reference)
@@ -90,15 +93,15 @@ test_check_file_msg (CuTest *tc,
 	char *refdata;
 	long reflen;
 
-	refdata = read_file (tc, file, line, reference, &reflen);
-	test_check_data_msg (tc, file, line, directory, name, refdata, reflen);
+	refdata = read_file (file, line, function, reference, &reflen);
+	test_check_data_msg (file, line, function, directory, name, refdata, reflen);
 	free (refdata);
 }
 
 void
-test_check_data_msg (CuTest *tc,
-                     const char *file,
+test_check_data_msg (const char *file,
                      int line,
+                     const char *function,
                      const char *directory,
                      const char *name,
                      const void *refdata,
@@ -109,14 +112,15 @@ test_check_data_msg (CuTest *tc,
 	long filelen;
 
 	if (asprintf (&filename, "%s/%s", directory, name) < 0)
-		CuFail_Line (tc, file, line, "asprintf() failed", NULL);
+		assert_not_reached ();
 
-	filedata = read_file (tc, file, line, filename, &filelen);
+	filedata = read_file (file, line, function, filename, &filelen);
 
 	if (filelen != reflen || memcmp (filedata, refdata, reflen) != 0)
-		CuFail_Line (tc, file, line, "File contents not as expected", filename);
+		p11_test_fail (file, line, function, "File contents not as expected: %s", filename);
 
-	CuAssert_Line (tc, file, line, "couldn't remove file", unlink (filename) >= 0);
+	if (unlink (filename) < 0)
+		p11_test_fail (file, line, function, "Couldn't remove file: %s", filename);
 	free (filename);
 	free (filedata);
 }
@@ -124,9 +128,9 @@ test_check_data_msg (CuTest *tc,
 #ifdef OS_UNIX
 
 void
-test_check_symlink_msg (CuTest *tc,
-                        const char *file,
+test_check_symlink_msg (const char *file,
                         int line,
+                        const char *function,
                         const char *directory,
                         const char *name,
                         const char *destination)
@@ -135,14 +139,16 @@ test_check_symlink_msg (CuTest *tc,
 	char *filename;
 
 	if (asprintf (&filename, "%s/%s", directory, name) < 0)
-		CuFail_Line (tc, file, line, "asprintf() failed", NULL);
+		assert_not_reached ();
 
 	if (readlink (filename, buf, sizeof (buf)) < 0)
-		CuFail_Line (tc, file, line, "Couldn't read symlink", filename);
+		p11_test_fail (file, line, function, "Couldn't read symlink: %s", filename);
 
-	CuAssertStrEquals_LineMsg (tc, file, line, "symlink contents wrong", destination, buf);
+	if (strcmp (destination, buf) != 0)
+		p11_test_fail (file, line, function, "Symlink contents wrong: %s != %s", destination, buf);
 
-	CuAssert_Line (tc, file, line, "couldn't remove symlink", unlink (filename) >= 0);
+	if (unlink (filename) < 0)
+		p11_test_fail (file, line, function, "Couldn't remove symlink: %s", filename);
 	free (filename);
 }
 
@@ -171,9 +177,9 @@ test_check_directory_files (const char *file,
 }
 
 void
-test_check_directory_msg (CuTest *tc,
-                          const char *file,
+test_check_directory_msg (const char *file,
                           int line,
+                          const char *function,
                           const char *directory,
                           p11_dict *files)
 {
@@ -184,7 +190,7 @@ test_check_directory_msg (CuTest *tc,
 
 	dir = opendir (directory);
 	if (dir == NULL)
-		CuFail_Line (tc, file ,line, "Couldn't open directory", directory);
+		p11_test_fail (file ,line, function, "Couldn't open directory: %s", directory);
 
 	while ((dp = readdir (dir)) != NULL) {
 		if (strcmp (dp->d_name, ".") == 0 ||
@@ -192,18 +198,19 @@ test_check_directory_msg (CuTest *tc,
 			continue;
 
 		if (!p11_dict_remove (files, dp->d_name))
-			CuFail_Line (tc, file, line, "Unexpected file in directory", dp->d_name);
+			p11_test_fail  (file, line, function, "Unexpected file in directory: %s", dp->d_name);
 	}
 
 	closedir (dir);
 
 #ifdef OS_UNIX
-	CuAssert_Line (tc, file, line, "couldn't chown directory", chmod (directory, S_IRWXU) >= 0);
+	if (chmod (directory, S_IRWXU) < 0)
+		p11_test_fail (file, line, function, "couldn't chown directory: %s: %s", directory, strerror (errno));
 #endif
 
 	p11_dict_iterate (files, &iter);
 	while (p11_dict_next (&iter, (void **)&name, NULL))
-		CuFail_Line (tc, file, line, "Couldn't find file in directory", name);
+		p11_test_fail (file, line, function, "Couldn't find file in directory: %s", name);
 
 	p11_dict_free (files);
 }
diff --git a/tools/tests/test.h b/tools/tests/test-tools.h
similarity index 93%
rename from tools/tests/test.h
rename to tools/tests/test-tools.h
index de2bdc1..8e66c54 100644
--- a/tools/tests/test.h
+++ b/tools/tests/test-tools.h
@@ -35,7 +35,7 @@
 #ifndef TEST_COMMON_H_
 #define TEST_COMMON_H_
 
-#include "CuTest.h"
+#include "test.h"
 
 #include "dict.h"
 
@@ -205,16 +205,16 @@ static const char test_eku_none[] = {
 	0x30, 0x00,
 };
 
-void       test_check_file_msg          (CuTest *tc,
-                                         const char *file,
+void       test_check_file_msg          (const char *file,
                                          int line,
+                                         const char *function,
                                          const char *directory,
                                          const char *filename,
                                          const char *reference);
 
-void       test_check_data_msg          (CuTest *tc,
-                                         const char *file,
+void       test_check_data_msg          (const char *file,
                                          int line,
+                                         const char *function,
                                          const char *directory,
                                          const char *filename,
                                          const void *refdata,
@@ -222,9 +222,9 @@ void       test_check_data_msg          (CuTest *tc,
 
 #ifdef OS_UNIX
 
-void       test_check_symlink_msg       (CuTest *tc,
-                                         const char *file,
+void       test_check_symlink_msg       (const char *file,
                                          int line,
+                                         const char *function,
                                          const char *directory,
                                          const char *name,
                                          const char *destination);
@@ -234,27 +234,27 @@ void       test_check_symlink_msg       (CuTest *tc,
 p11_dict * test_check_directory_files   (const char *file,
                                          ...) GNUC_NULL_TERMINATED;
 
-void       test_check_directory_msg     (CuTest *tc,
-                                         const char *file,
+void       test_check_directory_msg     (const char *file,
                                          int line,
+                                         const char *function,
                                          const char *directory,
                                          p11_dict *files);
 
-#define test_check_file(tc, directory, name, reference) \
-	(test_check_file_msg (tc, __FILE__, __LINE__, directory, name, reference))
+#define test_check_file(directory, name, reference) \
+	(test_check_file_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, reference))
 
-#define test_check_data(tc, directory, name, data, length) \
-	(test_check_data_msg (tc, __FILE__, __LINE__, directory, name, data, length))
+#define test_check_data(directory, name, data, length) \
+	(test_check_data_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, data, length))
 
 #ifdef OS_UNIX
 
-#define test_check_symlink(tc, directory, name, destination) \
-	(test_check_symlink_msg (tc, __FILE__, __LINE__, directory, name, destination))
+#define test_check_symlink(directory, name, destination) \
+	(test_check_symlink_msg (__FILE__, __LINE__, __FUNCTION__, directory, name, destination))
 
 #endif /* OS_UNIX */
 
-#define test_check_directory(tc, directory, files) \
-	(test_check_directory_msg (tc, __FILE__, __LINE__, directory, \
+#define test_check_directory(directory, files) \
+	(test_check_directory_msg (__FILE__, __LINE__, __FUNCTION__, directory, \
 	                           test_check_directory_files files))
 
 #endif /* TEST_COMMON_H_ */
diff --git a/tools/tests/test-x509.c b/tools/tests/test-x509.c
index e952e53..693aaa0 100644
--- a/tools/tests/test-x509.c
+++ b/tools/tests/test-x509.c
@@ -32,8 +32,11 @@
  * Author: Stef Walter 
  */
 
+#define P11_KIT_DISABLE_DEPRECATED
+
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-tools.h"
 
 #include "attrs.h"
 #include "compat.h"
@@ -46,7 +49,6 @@
 #include "pkcs11.h"
 #include "pkcs11x.h"
 #include "oid.h"
-#include "test.h"
 
 #include 
 #include 
@@ -62,15 +64,14 @@ struct {
 } test;
 
 static void
-setup (CuTest *tc)
+setup (void *unused)
 {
 	CK_RV rv;
 
+	mock_module_reset ();
 	memcpy (&test.module, &mock_module, sizeof (CK_FUNCTION_LIST));
-	rv = p11_kit_initialize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
-
-	mock_module_reset_objects (MOCK_SLOT_ONE_ID);
+	rv = test.module.C_Initialize (NULL);
+	assert_num_eq (CKR_OK, rv);
 
 	test.iter = p11_kit_iter_new (NULL);
 
@@ -78,23 +79,23 @@ setup (CuTest *tc)
 
 	test.directory = p11_path_expand ("$TEMP/test-extract.XXXXXX");
 	if (!mkdtemp (test.directory))
-		CuFail (tc, "mkdtemp() failed");
+		assert_fail ("mkdtemp() failed", test.directory);
 }
 
 static void
-teardown (CuTest *tc)
+teardown (void *unused)
 {
 	CK_RV rv;
 
 	if (rmdir (test.directory) < 0)
-		CuFail (tc, "rmdir() failed");
+		assert_fail ("rmdir() failed", test.directory);
 	free (test.directory);
 
 	p11_extract_info_cleanup (&test.ex);
 	p11_kit_iter_free (test.iter);
 
-	rv = p11_kit_finalize_module (&test.module);
-	CuAssertIntEquals (tc, CKR_OK, rv);
+	rv = test.module.C_Finalize (NULL);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static CK_OBJECT_CLASS certificate_class = CKO_CERTIFICATE;
@@ -116,12 +117,10 @@ static CK_ATTRIBUTE certificate_filter[] = {
 };
 
 static void
-test_file (CuTest *tc)
+test_file (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
@@ -132,21 +131,18 @@ test_file (CuTest *tc)
 		assert_not_reached ();
 
 	ret = p11_extract_x509_file (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_file (tc, test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
+	test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_file_multiple (CuTest *tc)
+test_file_multiple (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 
@@ -160,25 +156,22 @@ test_file_multiple (CuTest *tc)
 	p11_message_quiet ();
 
 	ret = p11_extract_x509_file (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	CuAssertTrue (tc, strstr (p11_message_last (), "multiple certificates") != NULL);
+	assert (strstr (p11_message_last (), "multiple certificates") != NULL);
 
 	p11_message_loud ();
 
-	test_check_file (tc, test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
+	test_check_file (test.directory, "extract.cer", SRCDIR "/files/cacert3.der");
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_file_without (CuTest *tc)
+test_file_without (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
@@ -189,23 +182,20 @@ test_file_without (CuTest *tc)
 	p11_message_quiet ();
 
 	ret = p11_extract_x509_file (test.iter, &test.ex);
-	CuAssertIntEquals (tc, false, ret);
+	assert_num_eq (false, ret);
 
-	CuAssertTrue (tc, strstr (p11_message_last (), "no certificate") != NULL);
+	assert (strstr (p11_message_last (), "no certificate") != NULL);
 
 	p11_message_loud ();
 
 	free (test.ex.destination);
-	teardown (tc);
 }
 
 static void
-test_directory (CuTest *tc)
+test_directory (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 	mock_module_add_object (MOCK_SLOT_ONE_ID, cacert3_authority_attrs);
 
@@ -219,22 +209,18 @@ test_directory (CuTest *tc)
 	test.ex.destination = test.directory;
 
 	ret = p11_extract_x509_directory (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
-
-	test_check_directory (tc, test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL));
-	test_check_file (tc, test.directory, "Cacert3_Here.cer", SRCDIR "/files/cacert3.der");
-	test_check_file (tc, test.directory, "Cacert3_Here.1.cer", SRCDIR "/files/cacert3.der");
+	assert_num_eq (true, ret);
 
-	teardown (tc);
+	test_check_directory (test.directory, ("Cacert3_Here.cer", "Cacert3_Here.1.cer", NULL));
+	test_check_file (test.directory, "Cacert3_Here.cer", SRCDIR "/files/cacert3.der");
+	test_check_file (test.directory, "Cacert3_Here.1.cer", SRCDIR "/files/cacert3.der");
 }
 
 static void
-test_directory_empty (CuTest *tc)
+test_directory_empty (void)
 {
 	bool ret;
 
-	setup (tc);
-
 	p11_kit_iter_add_callback (test.iter, p11_extract_info_load_filter, &test.ex, NULL);
 	p11_kit_iter_add_filter (test.iter, certificate_filter, 1);
 	p11_kit_iter_begin_with (test.iter, &test.module, 0, 0);
@@ -245,37 +231,22 @@ test_directory_empty (CuTest *tc)
 	test.ex.destination = test.directory;
 
 	ret = p11_extract_x509_directory (test.iter, &test.ex);
-	CuAssertIntEquals (tc, true, ret);
+	assert_num_eq (true, ret);
 
-	test_check_directory (tc, test.directory, (NULL, NULL));
-
-	teardown (tc);
+	test_check_directory (test.directory, (NULL, NULL));
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	mock_module_init ();
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_file);
-	SUITE_ADD_TEST (suite, test_file_multiple);
-	SUITE_ADD_TEST (suite, test_file_without);
-	SUITE_ADD_TEST (suite, test_directory);
-	SUITE_ADD_TEST (suite, test_directory_empty);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+
+	p11_fixture (setup, teardown);
+	p11_test (test_file, "/x509/test_file");
+	p11_test (test_file_multiple, "/x509/test_file_multiple");
+	p11_test (test_file_without, "/x509/test_file_without");
+	p11_test (test_directory, "/x509/test_directory");
+	p11_test (test_directory_empty, "/x509/test_directory_empty");
+	return p11_test_run (argc, argv);
 }
diff --git a/tools/tool.c b/tools/tool.c
index 313484a..a2dbcbd 100644
--- a/tools/tool.c
+++ b/tools/tool.c
@@ -194,19 +194,20 @@ exec_external (const char *command,
                char *argv[])
 {
 	char *filename;
-	char *path;
+	const char *path;
+	char *env;
 
 	if (!asprintf (&filename, "p11-kit-%s", command) < 0)
 		return_if_reached ();
 
 	/* Add our libexec directory to the path */
-	path = p11_path_build (PRIVATEDIR, filename, NULL);
-	return_if_fail (path != NULL);
+	path = getenv ("PATH");
+	if (!asprintf (&env, "PATH=%s%s%s", path ? path : "", path ? P11_PATH_SEP : "", PRIVATEDIR))
+		return_if_reached ();
+	putenv (env);
 
 	argv[0] = filename;
-	argv[argc] = NULL;
-
-	execvp (path, argv);
+	execvp (filename, argv);
 }
 
 static void
@@ -247,8 +248,6 @@ main (int argc, char *argv[])
 			if (!command) {
 				skip = true;
 				command = argv[in];
-			} else {
-				skip = false;
 			}
 
 		/* The global long options */
diff --git a/trust/Makefile.am b/trust/Makefile.am
index 875c8c4..4a3430c 100644
--- a/trust/Makefile.am
+++ b/trust/Makefile.am
@@ -5,7 +5,7 @@ SUBDIRS = . tests
 
 COMMON = $(top_srcdir)/common
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/common \
 	-DDATADIR=\"$(datadir)\" \
@@ -56,9 +56,5 @@ libtrust_testable_la_LDFLAGS = \
 
 libtrust_testable_la_SOURCES = $(MODULE_SRCS)
 
-externaldir = $(privatedir)
-external_SCRIPTS = \
-	p11-kit-extract-trust
-
 EXTRA_DIST = \
 	p11-kit-trust.module
diff --git a/trust/Makefile.in b/trust/Makefile.in
index d7d5e38..400a3de 100644
--- a/trust/Makefile.in
+++ b/trust/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.13.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -15,53 +15,24 @@
 @SET_MAKE@
 
 
-
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
+am__make_dryrun = \
+  { \
+    am__dry=no; \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
     esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+    test $$am__dry = yes; \
+  }
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -81,8 +52,7 @@ POST_UNINSTALL = :
 build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(top_srcdir)/build/Makefile.decl $(srcdir)/Makefile.in \
-	$(srcdir)/Makefile.am $(srcdir)/p11-kit-extract-trust.in \
-	$(top_srcdir)/depcomp
+	$(srcdir)/Makefile.am $(top_srcdir)/depcomp
 subdir = trust
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/build/m4/gettext.m4 \
@@ -101,7 +71,7 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES = p11-kit-extract-trust
+CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
 am__vpath_adj = case $$p in \
@@ -130,8 +100,7 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(moduledir)" "$(DESTDIR)$(externaldir)" \
-	"$(DESTDIR)$(configdir)"
+am__installdirs = "$(DESTDIR)$(moduledir)" "$(DESTDIR)$(configdir)"
 LTLIBRARIES = $(module_LTLIBRARIES) $(noinst_LTLIBRARIES)
 libtrust_testable_la_LIBADD =
 am__objects_1 =
@@ -162,7 +131,6 @@ p11_kit_trust_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
 	$(p11_kit_trust_la_CFLAGS) $(CFLAGS) \
 	$(p11_kit_trust_la_LDFLAGS) $(LDFLAGS) -o $@
-SCRIPTS = $(external_SCRIPTS)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -314,6 +282,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
+LIBFFI_CFLAGS = @LIBFFI_CFLAGS@
+LIBFFI_LIBS = @LIBFFI_LIBS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -429,7 +399,7 @@ with_trust_paths = @with_trust_paths@
 NULL = 
 SUBDIRS = . tests
 COMMON = $(top_srcdir)/common
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(top_srcdir)/common \
 	-DDATADIR=\"$(datadir)\" \
@@ -477,10 +447,6 @@ libtrust_testable_la_LDFLAGS = \
 	-no-undefined
 
 libtrust_testable_la_SOURCES = $(MODULE_SRCS)
-externaldir = $(privatedir)
-external_SCRIPTS = \
-	p11-kit-extract-trust
-
 EXTRA_DIST = \
 	p11-kit-trust.module
 
@@ -519,8 +485,6 @@ $(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
 $(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
 	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
 $(am__aclocal_m4_deps):
-p11-kit-extract-trust: $(top_builddir)/config.status $(srcdir)/p11-kit-extract-trust.in
-	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
 
 install-moduleLTLIBRARIES: $(module_LTLIBRARIES)
 	@$(NORMAL_INSTALL)
@@ -567,47 +531,10 @@ clean-noinstLTLIBRARIES:
 	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
-
 libtrust-testable.la: $(libtrust_testable_la_OBJECTS) $(libtrust_testable_la_DEPENDENCIES) $(EXTRA_libtrust_testable_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(libtrust_testable_la_LINK)  $(libtrust_testable_la_OBJECTS) $(libtrust_testable_la_LIBADD) $(LIBS)
-
 p11-kit-trust.la: $(p11_kit_trust_la_OBJECTS) $(p11_kit_trust_la_DEPENDENCIES) $(EXTRA_p11_kit_trust_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(p11_kit_trust_la_LINK) -rpath $(moduledir) $(p11_kit_trust_la_OBJECTS) $(p11_kit_trust_la_LIBADD) $(LIBS)
-install-externalSCRIPTS: $(external_SCRIPTS)
-	@$(NORMAL_INSTALL)
-	@list='$(external_SCRIPTS)'; test -n "$(externaldir)" || list=; \
-	if test -n "$$list"; then \
-	  echo " $(MKDIR_P) '$(DESTDIR)$(externaldir)'"; \
-	  $(MKDIR_P) "$(DESTDIR)$(externaldir)" || exit 1; \
-	fi; \
-	for p in $$list; do \
-	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
-	  if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
-	done | \
-	sed -e 'p;s,.*/,,;n' \
-	    -e 'h;s|.*|.|' \
-	    -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
-	$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
-	  { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
-	    if ($$2 == $$4) { files[d] = files[d] " " $$1; \
-	      if (++n[d] == $(am__install_max)) { \
-		print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
-	    else { print "f", d "/" $$4, $$1 } } \
-	  END { for (d in files) print "f", d, files[d] }' | \
-	while read type dir files; do \
-	     if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
-	     test -z "$$files" || { \
-	       echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(externaldir)$$dir'"; \
-	       $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(externaldir)$$dir" || exit $$?; \
-	     } \
-	; done
-
-uninstall-externalSCRIPTS:
-	@$(NORMAL_UNINSTALL)
-	@list='$(external_SCRIPTS)'; test -n "$(externaldir)" || exit 0; \
-	files=`for p in $$list; do echo "$$p"; done | \
-	       sed -e 's,.*/,,;$(transform)'`; \
-	dir='$(DESTDIR)$(externaldir)'; $(am__uninstall_files_from_dir)
 
 mostlyclean-compile:
 	-rm -f *.$(OBJEXT)
@@ -734,12 +661,13 @@ uninstall-configDATA:
 #     (which will cause the Makefiles to be regenerated when you run 'make');
 # (2) otherwise, pass the desired values on the 'make' command line.
 $(am__recursive_targets):
-	@fail=; \
-	if $(am__make_keepgoing); then \
-	  failcom='fail=yes'; \
-	else \
-	  failcom='exit 1'; \
-	fi; \
+	@fail= failcom='exit 1'; \
+	for f in x $$MAKEFLAGS; do \
+	  case $$f in \
+	    *=* | --[!k]*);; \
+	    *k*) failcom='fail=yes';; \
+	  esac; \
+	done; \
 	dot_seen=no; \
 	target=`echo $@ | sed s/-recursive//`; \
 	case "$@" in \
@@ -883,10 +811,10 @@ distdir: $(DISTFILES)
 	done
 check-am: all-am
 check: check-recursive
-all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(DATA)
+all-am: Makefile $(LTLIBRARIES) $(DATA)
 installdirs: installdirs-recursive
 installdirs-am:
-	for dir in "$(DESTDIR)$(moduledir)" "$(DESTDIR)$(externaldir)" "$(DESTDIR)$(configdir)"; do \
+	for dir in "$(DESTDIR)$(moduledir)" "$(DESTDIR)$(configdir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-recursive
@@ -942,8 +870,7 @@ info: info-recursive
 
 info-am:
 
-install-data-am: install-configDATA install-externalSCRIPTS \
-	install-moduleLTLIBRARIES
+install-data-am: install-configDATA install-moduleLTLIBRARIES
 
 install-dvi: install-dvi-recursive
 
@@ -989,8 +916,7 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-configDATA uninstall-externalSCRIPTS \
-	uninstall-moduleLTLIBRARIES
+uninstall-am: uninstall-configDATA uninstall-moduleLTLIBRARIES
 
 .MAKE: $(am__recursive_targets) install-am install-strip
 
@@ -1001,15 +927,14 @@ uninstall-am: uninstall-configDATA uninstall-externalSCRIPTS \
 	distclean-libtool distclean-tags distdir dvi dvi-am html \
 	html-am info info-am install install-am install-configDATA \
 	install-data install-data-am install-dvi install-dvi-am \
-	install-exec install-exec-am install-externalSCRIPTS \
-	install-html install-html-am install-info install-info-am \
-	install-man install-moduleLTLIBRARIES install-pdf \
-	install-pdf-am install-ps install-ps-am install-strip \
-	installcheck installcheck-am installdirs installdirs-am \
-	maintainer-clean maintainer-clean-generic mostlyclean \
-	mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
-	pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-configDATA uninstall-externalSCRIPTS \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man \
+	install-moduleLTLIBRARIES install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-compile \
+	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+	tags tags-am uninstall uninstall-am uninstall-configDATA \
 	uninstall-moduleLTLIBRARIES
 
 
@@ -1023,6 +948,11 @@ leakcheck:
 		test "$$dir" = "." || $(MAKE) -C $$dir leakcheck; \
 	done
 
+hellcheck:
+	@for dir in $(SUBDIRS); do \
+		test "$$dir" = "." || $(MAKE) -C $$dir hellcheck; \
+	done
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/trust/module.c b/trust/module.c
index ba41884..109ff5c 100644
--- a/trust/module.c
+++ b/trust/module.c
@@ -36,6 +36,7 @@
 
 #define CRYPTOKI_EXPORTS
 
+#include "argv.h"
 #include "array.h"
 #include "attrs.h"
 #define P11_DEBUG_FLAG P11_DEBUG_TRUST
@@ -65,11 +66,10 @@
 #define BASE_SLOT_ID   18UL
 
 static struct _Shared {
-	int initialized;
 	p11_dict *sessions;
 	p11_array *tokens;
 	char *paths;
-} gl = { 0, NULL, NULL, NULL };
+} gl = { NULL, NULL };
 
 /* Used during FindObjects */
 typedef struct _FindObjects {
@@ -249,7 +249,8 @@ create_tokens_inlock (p11_array *tokens,
 }
 
 static void
-parse_argument (char *arg)
+parse_argument (char *arg,
+                void *unused)
 {
 	char *value;
 
@@ -268,78 +269,6 @@ parse_argument (char *arg)
 	}
 }
 
-static void
-parse_arguments (const char *string)
-{
-	char quote = '\0';
-	char *src, *dup, *at, *arg;
-
-	if (!string)
-		return;
-
-	src = dup = strdup (string);
-	if (!dup) {
-		p11_message ("couldn't allocate memory for argument string");
-		return;
-	}
-
-	arg = at = src;
-	for (src = dup; *src; src++) {
-
-		/* Matching quote */
-		if (quote == *src) {
-			quote = '\0';
-
-		/* Inside of quotes */
-		} else if (quote != '\0') {
-			if (*src == '\\') {
-				*at++ = *src++;
-				if (!*src) {
-					p11_message ("couldn't parse argument string: %s", string);
-					goto done;
-				}
-				if (*src != quote)
-					*at++ = '\\';
-			}
-			*at++ = *src;
-
-		/* Space, not inside of quotes */
-		} else if (isspace(*src)) {
-			*at = 0;
-			parse_argument (arg);
-			arg = at;
-
-		/* Other character outside of quotes */
-		} else {
-			switch (*src) {
-			case '\'':
-			case '"':
-				quote = *src;
-				break;
-			case '\\':
-				*at++ = *src++;
-				if (!*src) {
-					p11_message ("couldn't parse argument string: %s", string);
-					goto done;
-				}
-				/* fall through */
-			default:
-				*at++ = *src;
-				break;
-			}
-		}
-	}
-
-
-	if (at != arg) {
-		*at = 0;
-		parse_argument (arg);
-	}
-
-done:
-	free (dup);
-}
-
 static CK_RV
 sys_C_Finalize (CK_VOID_PTR reserved)
 {
@@ -355,13 +284,10 @@ sys_C_Finalize (CK_VOID_PTR reserved)
 	} else {
 		p11_lock ();
 
-			if (gl.initialized == 0) {
-				p11_debug ("trust module is not initialized");
+			if (!gl.sessions) {
 				rv = CKR_CRYPTOKI_NOT_INITIALIZED;
 
-			} else if (gl.initialized == 1) {
-				p11_debug ("doing finalization");
-
+			} else {
 				free (gl.paths);
 				gl.paths = NULL;
 
@@ -372,11 +298,6 @@ sys_C_Finalize (CK_VOID_PTR reserved)
 				gl.tokens = NULL;
 
 				rv = CKR_OK;
-				gl.initialized = 0;
-
-			} else {
-				gl.initialized--;
-				p11_debug ("trust module still initialized %d times", gl.initialized);
 			}
 
 		p11_unlock ();
@@ -389,8 +310,6 @@ sys_C_Finalize (CK_VOID_PTR reserved)
 static CK_RV
 sys_C_Initialize (CK_VOID_PTR init_args)
 {
-	static CK_C_INITIALIZE_ARGS def_args =
-		{ NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
 	CK_C_INITIALIZE_ARGS *args = NULL;
 	int supplied_ok;
 	CK_RV rv;
@@ -405,9 +324,8 @@ sys_C_Initialize (CK_VOID_PTR init_args)
 
 		rv = CKR_OK;
 
+		/* pReserved must be NULL */
 		args = init_args;
-		if (args == NULL)
-			args = &def_args;
 
 		/* ALL supplied function pointers need to have the value either NULL or non-NULL. */
 		supplied_ok = (args->CreateMutex == NULL && args->DestroyMutex == NULL &&
@@ -428,19 +346,13 @@ sys_C_Initialize (CK_VOID_PTR init_args)
 			rv = CKR_CANT_LOCK;
 		}
 
-		if (rv == CKR_OK && gl.initialized != 0) {
-			p11_debug ("trust module already initialized %d times",
-			           gl.initialized);
-
 		/*
 		 * We support setting the socket path and other arguments from from the
 		 * pReserved pointer, similar to how NSS PKCS#11 components are initialized.
 		 */
-		} else if (rv == CKR_OK) {
-			p11_debug ("doing initialization");
-
+		if (rv == CKR_OK) {
 			if (args->pReserved)
-				parse_arguments ((const char*)args->pReserved);
+				p11_argv_parse ((const char*)args->pReserved, parse_argument, NULL);
 
 			gl.sessions = p11_dict_new (p11_dict_ulongptr_hash,
 			                            p11_dict_ulongptr_equal,
@@ -456,8 +368,6 @@ sys_C_Initialize (CK_VOID_PTR init_args)
 			}
 		}
 
-		gl.initialized++;
-
 	p11_unlock ();
 
 	if (rv != CKR_OK)
diff --git a/trust/tests/Makefile.am b/trust/tests/Makefile.am
index 90b9fb5..abacab6 100644
--- a/trust/tests/Makefile.am
+++ b/trust/tests/Makefile.am
@@ -1,24 +1,25 @@
 
 include $(top_srcdir)/build/Makefile.tests
 
-INCLUDES = \
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(srcdir)/.. \
 	-I$(top_srcdir)/common \
 	-DDATADIR=\"$(datadir)\" \
 	-DSYSCONFDIR=\"$(sysconfdir)\" \
-	$(CUTEST_CFLAGS)
+	$(TEST_CFLAGS)
 
 noinst_LTLIBRARIES = \
 	libtestdata.la
 
 libtestdata_la_SOURCES = \
-	test-data.c test-data.h
+	test-trust.c test-trust.h
 
 LDADD = \
 	$(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la \
 	$(LIBTASN1_LIBS) \
diff --git a/trust/tests/Makefile.in b/trust/tests/Makefile.in
index f9359ef..56cbf0a 100644
--- a/trust/tests/Makefile.in
+++ b/trust/tests/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.13.1 from Makefile.am.
 # @configure_input@
 
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2012 Free Software Foundation, Inc.
 
 # This Makefile.in is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
@@ -16,51 +16,23 @@
 
 
 VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
-am__make_running_with_option = \
-  case $${target_option-} in \
-      ?) ;; \
-      *) echo "am__make_running_with_option: internal error: invalid" \
-              "target option '$${target_option-}' specified" >&2; \
-         exit 1;; \
-  esac; \
-  has_opt=no; \
-  sane_makeflags=$$MAKEFLAGS; \
-  if $(am__is_gnu_make); then \
-    sane_makeflags=$$MFLAGS; \
-  else \
+am__make_dryrun = \
+  { \
+    am__dry=no; \
     case $$MAKEFLAGS in \
       *\\[\ \	]*) \
-        bs=\\; \
-        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
-          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
-    esac; \
-  fi; \
-  skip_next=no; \
-  strip_trailopt () \
-  { \
-    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
-  }; \
-  for flg in $$sane_makeflags; do \
-    test $$skip_next = yes && { skip_next=no; continue; }; \
-    case $$flg in \
-      *=*|--*) continue;; \
-        -*I) strip_trailopt 'I'; skip_next=yes;; \
-      -*I?*) strip_trailopt 'I';; \
-        -*O) strip_trailopt 'O'; skip_next=yes;; \
-      -*O?*) strip_trailopt 'O';; \
-        -*l) strip_trailopt 'l'; skip_next=yes;; \
-      -*l?*) strip_trailopt 'l';; \
-      -[dEDm]) skip_next=yes;; \
-      -[JT]) skip_next=yes;; \
-    esac; \
-    case $$flg in \
-      *$$target_option*) has_opt=yes; break;; \
+        echo 'am--echo: ; @echo "AM"  OK' | $(MAKE) -f - 2>/dev/null \
+          | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
+      *) \
+        for am__flg in $$MAKEFLAGS; do \
+          case $$am__flg in \
+            *=*|--*) ;; \
+            *n*) am__dry=yes; break;; \
+          esac; \
+        done;; \
     esac; \
-  done; \
-  test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+    test $$am__dry = yes; \
+  }
 pkgdatadir = $(datadir)/@PACKAGE@
 pkgincludedir = $(includedir)/@PACKAGE@
 pkglibdir = $(libdir)/@PACKAGE@
@@ -107,7 +79,7 @@ CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 LTLIBRARIES = $(noinst_LTLIBRARIES)
 libtestdata_la_LIBADD =
-am_libtestdata_la_OBJECTS = test-data.lo
+am_libtestdata_la_OBJECTS = test-trust.lo
 libtestdata_la_OBJECTS = $(am_libtestdata_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -129,18 +101,20 @@ am__DEPENDENCIES_1 =
 frob_pow_DEPENDENCIES = $(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 frob_token_SOURCES = frob-token.c
 frob_token_OBJECTS = frob-token.$(OBJEXT)
 frob_token_LDADD = $(LDADD)
 frob_token_DEPENDENCIES = $(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 test_builder_SOURCES = test-builder.c
 test_builder_OBJECTS = test-builder.$(OBJEXT)
 test_builder_LDADD = $(LDADD)
@@ -148,36 +122,40 @@ test_builder_DEPENDENCIES =  \
 	$(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 test_index_SOURCES = test-index.c
 test_index_OBJECTS = test-index.$(OBJEXT)
 test_index_LDADD = $(LDADD)
 test_index_DEPENDENCIES = $(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 test_module_SOURCES = test-module.c
 test_module_OBJECTS = test-module.$(OBJEXT)
 test_module_LDADD = $(LDADD)
 test_module_DEPENDENCIES = $(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 test_parser_SOURCES = test-parser.c
 test_parser_OBJECTS = test-parser.$(OBJEXT)
 test_parser_LDADD = $(LDADD)
 test_parser_DEPENDENCIES = $(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 test_persist_SOURCES = test-persist.c
 test_persist_OBJECTS = test-persist.$(OBJEXT)
 test_persist_LDADD = $(LDADD)
@@ -185,18 +163,20 @@ test_persist_DEPENDENCIES =  \
 	$(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 test_token_SOURCES = test-token.c
 test_token_OBJECTS = test-token.$(OBJEXT)
 test_token_LDADD = $(LDADD)
 test_token_DEPENDENCIES = $(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la $(am__DEPENDENCIES_1) \
-	$(CUTEST_LIBS) $(am__DEPENDENCIES_1)
+	$(am__DEPENDENCIES_1)
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -512,6 +492,8 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
 LCOV = @LCOV@
 LD = @LD@
 LDFLAGS = @LDFLAGS@
+LIBFFI_CFLAGS = @LIBFFI_CFLAGS@
+LIBFFI_LIBS = @LIBFFI_LIBS@
 LIBICONV = @LIBICONV@
 LIBINTL = @LIBINTL@
 LIBOBJS = @LIBOBJS@
@@ -625,33 +607,33 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 with_trust_paths = @with_trust_paths@
 NULL = 
-CUTEST_CFLAGS = \
-	-I$(top_srcdir)/build/cutest \
+TEST_CFLAGS = \
 	-DSRCDIR=\"$(abs_srcdir)\" \
 	-DBUILDDIR=\"$(abs_builddir)\" \
 	-DP11_KIT_FUTURE_UNSTABLE_API
 
-CUTEST_LIBS = $(top_builddir)/build/libcutest.la
 MEMCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=80 --quiet --trace-children=yes
 LEAKCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=81 --quiet --leak-check=yes
-INCLUDES = \
+HELLCHECK_ENV = $(TEST_RUNNER) valgrind --error-exitcode=82 --quiet --tool=helgrind
+AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	-I$(srcdir)/.. \
 	-I$(top_srcdir)/common \
 	-DDATADIR=\"$(datadir)\" \
 	-DSYSCONFDIR=\"$(sysconfdir)\" \
-	$(CUTEST_CFLAGS)
+	$(TEST_CFLAGS)
 
 noinst_LTLIBRARIES = \
 	libtestdata.la
 
 libtestdata_la_SOURCES = \
-	test-data.c test-data.h
+	test-trust.c test-trust.h
 
 LDADD = \
 	$(top_builddir)/trust/libtrust-testable.la \
 	$(top_builddir)/common/libp11-data.la \
 	$(top_builddir)/common/libp11-library.la \
+	$(top_builddir)/common/libp11-test.la \
 	$(top_builddir)/common/libp11-common.la \
 	$(builddir)/libtestdata.la \
 	$(LIBTASN1_LIBS) \
@@ -722,7 +704,6 @@ clean-noinstLTLIBRARIES:
 	  echo rm -f $${locs}; \
 	  rm -f $${locs}; \
 	}
-
 libtestdata.la: $(libtestdata_la_OBJECTS) $(libtestdata_la_DEPENDENCIES) $(EXTRA_libtestdata_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK)  $(libtestdata_la_OBJECTS) $(libtestdata_la_LIBADD) $(LIBS)
 
@@ -734,39 +715,30 @@ clean-noinstPROGRAMS:
 	list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
 	echo " rm -f" $$list; \
 	rm -f $$list
-
 frob-nss-trust$(EXEEXT): $(frob_nss_trust_OBJECTS) $(frob_nss_trust_DEPENDENCIES) $(EXTRA_frob_nss_trust_DEPENDENCIES) 
 	@rm -f frob-nss-trust$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(frob_nss_trust_OBJECTS) $(frob_nss_trust_LDADD) $(LIBS)
-
 frob-pow$(EXEEXT): $(frob_pow_OBJECTS) $(frob_pow_DEPENDENCIES) $(EXTRA_frob_pow_DEPENDENCIES) 
 	@rm -f frob-pow$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(frob_pow_OBJECTS) $(frob_pow_LDADD) $(LIBS)
-
 frob-token$(EXEEXT): $(frob_token_OBJECTS) $(frob_token_DEPENDENCIES) $(EXTRA_frob_token_DEPENDENCIES) 
 	@rm -f frob-token$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(frob_token_OBJECTS) $(frob_token_LDADD) $(LIBS)
-
 test-builder$(EXEEXT): $(test_builder_OBJECTS) $(test_builder_DEPENDENCIES) $(EXTRA_test_builder_DEPENDENCIES) 
 	@rm -f test-builder$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_builder_OBJECTS) $(test_builder_LDADD) $(LIBS)
-
 test-index$(EXEEXT): $(test_index_OBJECTS) $(test_index_DEPENDENCIES) $(EXTRA_test_index_DEPENDENCIES) 
 	@rm -f test-index$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_index_OBJECTS) $(test_index_LDADD) $(LIBS)
-
 test-module$(EXEEXT): $(test_module_OBJECTS) $(test_module_DEPENDENCIES) $(EXTRA_test_module_DEPENDENCIES) 
 	@rm -f test-module$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_module_OBJECTS) $(test_module_LDADD) $(LIBS)
-
 test-parser$(EXEEXT): $(test_parser_OBJECTS) $(test_parser_DEPENDENCIES) $(EXTRA_test_parser_DEPENDENCIES) 
 	@rm -f test-parser$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_parser_OBJECTS) $(test_parser_LDADD) $(LIBS)
-
 test-persist$(EXEEXT): $(test_persist_OBJECTS) $(test_persist_DEPENDENCIES) $(EXTRA_test_persist_DEPENDENCIES) 
 	@rm -f test-persist$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_persist_OBJECTS) $(test_persist_LDADD) $(LIBS)
-
 test-token$(EXEEXT): $(test_token_OBJECTS) $(test_token_DEPENDENCIES) $(EXTRA_test_token_DEPENDENCIES) 
 	@rm -f test-token$(EXEEXT)
 	$(AM_V_CCLD)$(LINK) $(test_token_OBJECTS) $(test_token_LDADD) $(LIBS)
@@ -781,12 +753,12 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/frob-pow.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/frob-token.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-builder.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-data.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-index.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-module.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-parser.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-persist.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-token.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-trust.Plo@am__quote@
 
 .c.o:
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -876,7 +848,7 @@ distclean-tags:
 	$(MAKE) $(AM_MAKEFLAGS) $<
 
 # Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
+# exand to empty, as could happen e.g. with make check TESTS=''.
 am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
 am--force-recheck:
 	@:
@@ -1228,6 +1200,9 @@ memcheck: all
 leakcheck: all
 	make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(LEAKCHECK_ENV)" check-TESTS
 
+hellcheck: all
+	make $(AM_MAKEFLAGS) TESTS_ENVIRONMENT="$(HELLCHECK_ENV)" check-TESTS
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff --git a/trust/tests/frob-nss-trust.c b/trust/tests/frob-nss-trust.c
index da76795..a81b5e2 100644
--- a/trust/tests/frob-nss-trust.c
+++ b/trust/tests/frob-nss-trust.c
@@ -102,7 +102,10 @@ dump_trust_module (const char *path)
 
 	CK_ULONG count = p11_attrs_count (template);
 
-	rv = p11_kit_load_initialize_module (path, &module);
+	module = p11_kit_module_load (path, 0);
+	return_val_if_fail (module != NULL, 1);
+
+	rv = p11_kit_module_initialize (module);
 	return_val_if_fail (rv == CKR_OK, 1);
 
 	iter = p11_kit_iter_new (NULL);
@@ -120,7 +123,8 @@ dump_trust_module (const char *path)
 
 	return_val_if_fail (rv == CKR_CANCEL, 1);
 
-	p11_kit_finalize_module (module);
+	p11_kit_module_finalize (module);
+	p11_kit_module_release (module);
 
 	return 0;
 }
@@ -152,10 +156,16 @@ compare_trust_modules (const char *path1,
 		{ CKA_INVALID, }
 	};
 
-	rv = p11_kit_load_initialize_module (path1, &module1);
+	module1 = p11_kit_module_load (path1, 0);
+	return_val_if_fail (module1 != NULL, 1);
+
+	rv = p11_kit_module_initialize (module1);
 	return_val_if_fail (rv == CKR_OK, 1);
 
-	rv = p11_kit_load_initialize_module (path2, &module2);
+	module2 = p11_kit_module_load (path2, 0);
+	return_val_if_fail (module2 != NULL, 1);
+
+	rv = p11_kit_module_initialize (module2);
 	return_val_if_fail (rv == CKR_OK, 1);
 
 	iter = p11_kit_iter_new (NULL);
@@ -185,8 +195,11 @@ compare_trust_modules (const char *path1,
 	}
 
 	return_val_if_fail (rv == CKR_CANCEL, 1);
-	p11_kit_finalize_module (module1);
-	p11_kit_finalize_module (module2);
+	p11_kit_module_finalize (module1);
+	p11_kit_module_release (module1);
+
+	p11_kit_module_finalize (module2);
+	p11_kit_module_release (module2);
 
 	return 0;
 }
diff --git a/trust/tests/test-builder.c b/trust/tests/test-builder.c
index a875b96..891c722 100644
--- a/trust/tests/test-builder.c
+++ b/trust/tests/test-builder.c
@@ -33,7 +33,8 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-trust.h"
 
 #include 
 #include 
@@ -48,8 +49,6 @@
 #include "oid.h"
 #include "pkcs11x.h"
 
-#include "test-data.h"
-
 struct {
 	p11_builder *builder;
 	p11_index *index;
@@ -73,17 +72,17 @@ static CK_BBOOL truev = CK_TRUE;
 static CK_BBOOL falsev = CK_FALSE;
 
 static void
-setup (CuTest *cu)
+setup (void *unused)
 {
 	test.builder = p11_builder_new (P11_BUILDER_FLAG_TOKEN);
-	CuAssertPtrNotNull (cu, test.builder);
+	assert_ptr_not_null (test.builder);
 
 	test.index = p11_index_new (p11_builder_build, p11_builder_changed, test.builder);
-	CuAssertPtrNotNull (cu, test.index);
+	assert_ptr_not_null (test.index);
 }
 
 static void
-teardown (CuTest *cu)
+teardown (void *unused)
 {
 	p11_builder_free (test.builder);
 	p11_index_free (test.index);
@@ -91,20 +90,16 @@ teardown (CuTest *cu)
 }
 
 static void
-test_get_cache (CuTest *cu)
+test_get_cache (void)
 {
 	p11_asn1_cache *cache;
 
-	setup (cu);
-
 	cache = p11_builder_get_cache (test.builder);
-	CuAssertPtrEquals (cu, NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4));
-
-	teardown (cu);
+	assert_ptr_eq (NULL, p11_asn1_cache_get (cache, "blah", (unsigned char *)"blah", 4));
 }
 
 static void
-test_build_data (CuTest *cu)
+test_build_data (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -128,21 +123,17 @@ test_build_data (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, check, attrs);
+	test_check_attrs (check, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_build_certificate (CuTest *cu)
+test_build_certificate (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -171,21 +162,17 @@ test_build_certificate (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_build_certificate_empty (CuTest *cu)
+test_build_certificate_empty (void)
 {
 	unsigned char checksum[P11_HASH_SHA1_LEN];
 	CK_ULONG domain = 0;
@@ -223,19 +210,15 @@ test_build_certificate_empty (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_hash_sha1 (checksum, test_cacert3_ca_der, sizeof (test_cacert3_ca_der), NULL);
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static const unsigned char entrust_pretend_ca[] = {
@@ -312,7 +295,7 @@ static const unsigned char entrust_pretend_ca[] = {
 };
 
 static void
-test_build_certificate_non_ca (CuTest *cu)
+test_build_certificate_non_ca (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -329,20 +312,16 @@ test_build_certificate_non_ca (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_build_certificate_v1_ca (CuTest *cu)
+test_build_certificate_v1_ca (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -359,20 +338,16 @@ test_build_certificate_v1_ca (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_build_certificate_staple_ca (CuTest *cu)
+test_build_certificate_staple_ca (void)
 {
 	CK_ULONG category = 2; /* CA */
 
@@ -400,28 +375,24 @@ test_build_certificate_staple_ca (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	/* Add a stapled certificate */
 	rv = p11_index_add (test.index, stapled, 4, NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/*
 	 * Even though the certificate is not a valid CA, the presence of the
 	 * stapled certificate extension transforms it into a CA.
 	 */
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_build_certificate_no_type (CuTest *cu)
+test_build_certificate_no_type (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -432,23 +403,19 @@ test_build_certificate_no_type (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCOMPLETE, rv);
+	assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_build_certificate_bad_type (CuTest *cu)
+test_build_certificate_bad_type (void)
 {
 	CK_CERTIFICATE_TYPE type = CKC_WTLS;
 
@@ -462,23 +429,19 @@ test_build_certificate_bad_type (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv);
+	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_build_extension (CuTest *cu)
+test_build_extension (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
@@ -502,16 +465,12 @@ test_build_extension (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, check, attrs);
+	test_check_attrs (check, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 /* This certificate has and end date in 2067 */
@@ -542,7 +501,7 @@ static const unsigned char cert_distant_end_date[] = {
 };
 
 static void
-test_build_distant_end_date (CuTest *cu)
+test_build_distant_end_date (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -560,20 +519,16 @@ test_build_distant_end_date (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_create_not_settable (CuTest *cu)
+test_create_not_settable (void)
 {
 	/*
 	 * CKA_TRUSTED cannot be set by the normal user according to spec
@@ -591,25 +546,21 @@ test_create_not_settable (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_ATTRIBUTE_READ_ONLY, rv);
+	assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
 
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_create_but_loadable (CuTest *cu)
+test_create_but_loadable (void)
 {
 	/*
 	 * CKA_TRUSTED cannot be set on creation, but can be set if we're
@@ -627,24 +578,20 @@ test_create_but_loadable (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_index_batch (test.index);
 
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	p11_index_finish (test.index);
 
-	test_check_attrs (cu, input, attrs);
+	test_check_attrs (input, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_create_unsupported (CuTest *cu)
+test_create_unsupported (void)
 {
 	CK_OBJECT_CLASS klass = CKO_PRIVATE_KEY;
 
@@ -657,23 +604,19 @@ test_create_unsupported (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv);
+	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_create_generated (CuTest *cu)
+test_create_generated (void)
 {
 	CK_OBJECT_CLASS klass = CKO_NSS_TRUST;
 
@@ -686,23 +629,19 @@ test_create_generated (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv);
+	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_create_bad_attribute (CuTest *cu)
+test_create_bad_attribute (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -715,23 +654,19 @@ test_create_bad_attribute (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv);
+	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_create_missing_attribute (CuTest *cu)
+test_create_missing_attribute (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
@@ -742,23 +677,19 @@ test_create_missing_attribute (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCOMPLETE, rv);
+	assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_create_no_class (CuTest *cu)
+test_create_no_class (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_VALUE, "the value", 9 },
@@ -769,23 +700,19 @@ test_create_no_class (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCOMPLETE, rv);
+	assert_num_eq (CKR_TEMPLATE_INCOMPLETE, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_create_token_mismatch (CuTest *cu)
+test_create_token_mismatch (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -797,23 +724,19 @@ test_create_token_mismatch (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_TEMPLATE_INCONSISTENT, rv);
+	assert_num_eq (CKR_TEMPLATE_INCONSISTENT, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_modify_success (CuTest *cu)
+test_modify_success (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -839,23 +762,19 @@ test_modify_success (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (modify));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_modify_read_only (CuTest *cu)
+test_modify_read_only (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -873,29 +792,25 @@ test_modify_read_only (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	merge = p11_attrs_dup (input);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	p11_message_quiet ();
 
 	merge = p11_attrs_dup (modify);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_ATTRIBUTE_READ_ONLY, rv);
+	assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
 
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_modify_unchanged (CuTest *cu)
+test_modify_unchanged (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -924,23 +839,19 @@ test_modify_unchanged (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (modify));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, expected, attrs);
+	test_check_attrs (expected, attrs);
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_modify_not_modifiable (CuTest *cu)
+test_modify_not_modifiable (void)
 {
 	CK_ATTRIBUTE input[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -958,24 +869,20 @@ test_modify_not_modifiable (CuTest *cu)
 	CK_ATTRIBUTE *merge;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_builder_build (test.builder, test.index, &attrs, p11_attrs_dup (input));
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	p11_message_quiet ();
 
 	merge = p11_attrs_dup (modify);
 	rv = p11_builder_build (test.builder, test.index, &attrs, merge);
-	CuAssertIntEquals (cu, CKR_ATTRIBUTE_READ_ONLY, rv);
+	assert_num_eq (CKR_ATTRIBUTE_READ_ONLY, rv);
 	p11_attrs_free (merge);
 
 	p11_message_loud ();
 
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static CK_ATTRIBUTE cacert3_assert_distrust_server[] = {
@@ -1059,7 +966,7 @@ static CK_ATTRIBUTE cacert3_assert_distrust_time[] = {
 };
 
 static void
-test_changed_trusted_certificate (CuTest *cu)
+test_changed_trusted_certificate (void)
 {
 	static CK_ATTRIBUTE cacert3_trusted_certificate[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -1173,38 +1080,34 @@ test_changed_trusted_certificate (CuTest *cu)
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	/*
 	 * A trusted cetrificate, trusted for server and client purposes,
 	 * and explicitly rejects the email and timestamping purposes.
 	 */
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (cacert3_trusted_certificate), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = p11_index_take (test.index, p11_attrs_dup (eku_extension_server_and_client), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = p11_index_take (test.index, p11_attrs_dup (reject_extension_email), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 
 	/* The other objects */
 	for (i = 0; expected[i]; i++) {
 		handle = p11_index_find (test.index, expected[i], 2);
-		CuAssertTrue (cu, handle != 0);
+		assert (handle != 0);
 
 		attrs = p11_index_lookup (test.index, handle);
-		CuAssertPtrNotNull (cu, attrs);
+		assert_ptr_not_null (attrs);
 
-		test_check_attrs (cu, expected[i], attrs);
+		test_check_attrs (expected[i], attrs);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_changed_distrust_value (CuTest *cu)
+test_changed_distrust_value (void)
 {
 	CK_ATTRIBUTE distrust_cert[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate), },
@@ -1287,37 +1190,33 @@ test_changed_distrust_value (CuTest *cu)
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	/*
 	 * A distrusted certificate with a value, plus some extra
 	 * extensions (which should be ignored).
 	 */
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = p11_index_take (test.index, p11_attrs_dup (eku_extension), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = p11_index_take (test.index, p11_attrs_dup (reject_extension), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 	/* The other objects */
 	for (i = 0; expected[i]; i++) {
 		handle = p11_index_find (test.index, expected[i], 2);
-		CuAssertTrue (cu, handle != 0);
+		assert (handle != 0);
 
 		attrs = p11_index_lookup (test.index, handle);
-		CuAssertPtrNotNull (cu, attrs);
+		assert_ptr_not_null (attrs);
 
-		test_check_attrs (cu, expected[i], attrs);
+		test_check_attrs (expected[i], attrs);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_changed_distrust_serial (CuTest *cu)
+test_changed_distrust_serial (void)
 {
 	CK_ATTRIBUTE distrust_cert[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate), },
@@ -1377,29 +1276,25 @@ test_changed_distrust_serial (CuTest *cu)
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	/*
 	 * A distrusted certificate without a value.
 	 */
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 	for (i = 0; expected[i]; i++) {
 		handle = p11_index_find (test.index, expected[i], 2);
-		CuAssertTrue (cu, handle != 0);
+		assert (handle != 0);
 		attrs = p11_index_lookup (test.index, handle);
-		CuAssertPtrNotNull (cu, attrs);
-		test_check_attrs (cu, expected[i], attrs);
+		assert_ptr_not_null (attrs);
+		test_check_attrs (expected[i], attrs);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_changed_dup_certificates (CuTest *cu)
+test_changed_dup_certificates (void)
 {
 	static CK_ATTRIBUTE trusted_cert[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -1481,68 +1376,64 @@ test_changed_dup_certificates (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	/*
 	 * A trusted certificate, should create trutsed nss trust
 	 * and anchor assertions
 	 */
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (trusted_cert), &handle1);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 	handle = p11_index_find (test.index, match_nss, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, match_assertion, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, trusted_nss, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, anchor_assertion, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 
 	/* Now we add a distrusted certificate, should update the objects */
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (distrust_cert), &handle2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 	handle = p11_index_find (test.index, trusted_nss, -1);
-	CuAssertTrue (cu, handle == 0);
+	assert (handle == 0);
 	handle = p11_index_find (test.index, distrust_nss, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, anchor_assertion, -1);
-	CuAssertTrue (cu, handle == 0);
+	assert (handle == 0);
 	handle = p11_index_find (test.index, distrust_assertion, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 
 	/* Now remove the trusted cetrificate, should update again */
 	rv = p11_index_remove (test.index, handle2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	handle = p11_index_find (test.index, trusted_nss, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, distrust_nss, -1);
-	CuAssertTrue (cu, handle == 0);
+	assert (handle == 0);
 	handle = p11_index_find (test.index, anchor_assertion, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, distrust_assertion, -1);
-	CuAssertTrue (cu, handle == 0);
+	assert (handle == 0);
 
 	/* Now remove the original certificate, unknown nss and no assertions */
 	rv = p11_index_remove (test.index, handle1);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	handle = p11_index_find (test.index, unknown_nss, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 	handle = p11_index_find (test.index, match_assertion, -1);
-	CuAssertTrue (cu, handle == 0);
-
-	teardown (cu);
+	assert (handle == 0);
 }
 
 static void
-test_changed_without_id (CuTest *cu)
+test_changed_without_id (void)
 {
 	static CK_ATTRIBUTE trusted_without_id[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -1568,26 +1459,22 @@ test_changed_without_id (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (trusted_without_id), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 	klass = CKO_NSS_TRUST;
 	handle = p11_index_find (test.index, match, -1);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 
 	klass = CKO_X_TRUST_ASSERTION;
 	handle = p11_index_find (test.index, match, -1);
-	CuAssertTrue (cu, handle != 0);
-
-	teardown (cu);
+	assert (handle != 0);
 }
 
 static void
-test_changed_staple_ca (CuTest *cu)
+test_changed_staple_ca (void)
 {
 	CK_ULONG category = 0;
 
@@ -1616,31 +1503,27 @@ test_changed_staple_ca (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = NULL;
 	rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Not a CA at this point, until we staple */
 	category = 0;
-	CuAssertTrue (cu, p11_index_find (test.index, match, -1) == 0);
+	assert (p11_index_find (test.index, match, -1) == 0);
 
 	/* Add a stapled basic constraint */
 	rv = p11_index_add (test.index, stapled, 4, NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Now should be a CA */
 	category = 2;
-	CuAssertTrue (cu, p11_index_find (test.index, match, -1) != 0);
+	assert (p11_index_find (test.index, match, -1) != 0);
 
 	p11_attrs_free (attrs);
-
-	teardown (cu);
 }
 
 static void
-test_changed_staple_ku (CuTest *cu)
+test_changed_staple_ku (void)
 {
 	CK_ATTRIBUTE stapled_ds_and_np[] = {
 		{ CKA_CLASS, &certificate_extension, sizeof (certificate_extension) },
@@ -1684,74 +1567,55 @@ test_changed_staple_ku (CuTest *cu)
 	CK_ATTRIBUTE *attrs;
 	CK_RV rv;
 
-	setup (cu);
-
 	p11_index_batch (test.index);
 	rv = p11_index_take (test.index, p11_attrs_dup (input), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = p11_index_take (test.index, p11_attrs_dup (stapled_ds_and_np), NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	p11_index_finish (test.index);
 
 	handle = p11_index_find (test.index, nss_trust_ds_and_np, 2);
-	CuAssertTrue (cu, handle != 0);
+	assert (handle != 0);
 
 	attrs = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, nss_trust_ds_and_np, attrs);
-
-	teardown (cu);
+	test_check_attrs (nss_trust_ds_and_np, attrs);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-	/* p11_message_quiet (); */
-
-	SUITE_ADD_TEST (suite, test_get_cache);
-	SUITE_ADD_TEST (suite, test_build_data);
-	SUITE_ADD_TEST (suite, test_build_certificate);
-	SUITE_ADD_TEST (suite, test_build_certificate_empty);
-	SUITE_ADD_TEST (suite, test_build_certificate_non_ca);
-	SUITE_ADD_TEST (suite, test_build_certificate_v1_ca);
-	SUITE_ADD_TEST (suite, test_build_certificate_staple_ca);
-	SUITE_ADD_TEST (suite, test_build_certificate_no_type);
-	SUITE_ADD_TEST (suite, test_build_certificate_bad_type);
-	SUITE_ADD_TEST (suite, test_build_extension);
-	SUITE_ADD_TEST (suite, test_build_distant_end_date);
-	SUITE_ADD_TEST (suite, test_create_not_settable);
-	SUITE_ADD_TEST (suite, test_create_but_loadable);
-	SUITE_ADD_TEST (suite, test_create_unsupported);
-	SUITE_ADD_TEST (suite, test_create_generated);
-	SUITE_ADD_TEST (suite, test_create_bad_attribute);
-	SUITE_ADD_TEST (suite, test_create_missing_attribute);
-	SUITE_ADD_TEST (suite, test_create_no_class);
-	SUITE_ADD_TEST (suite, test_create_token_mismatch);
-	SUITE_ADD_TEST (suite, test_modify_success);
-	SUITE_ADD_TEST (suite, test_modify_read_only);
-	SUITE_ADD_TEST (suite, test_modify_unchanged);
-	SUITE_ADD_TEST (suite, test_modify_not_modifiable);
-
-	SUITE_ADD_TEST (suite, test_changed_trusted_certificate);
-	SUITE_ADD_TEST (suite, test_changed_distrust_value);
-	SUITE_ADD_TEST (suite, test_changed_distrust_serial);
-	SUITE_ADD_TEST (suite, test_changed_without_id);
-	SUITE_ADD_TEST (suite, test_changed_staple_ca);
-	SUITE_ADD_TEST (suite, test_changed_staple_ku);
-	SUITE_ADD_TEST (suite, test_changed_dup_certificates);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_fixture (setup, teardown);
+	p11_test (test_get_cache, "/builder/get_cache");
+	p11_test (test_build_data, "/builder/build_data");
+	p11_test (test_build_certificate, "/builder/build_certificate");
+	p11_test (test_build_certificate_empty, "/builder/build_certificate_empty");
+	p11_test (test_build_certificate_non_ca, "/builder/build_certificate_non_ca");
+	p11_test (test_build_certificate_v1_ca, "/builder/build_certificate_v1_ca");
+	p11_test (test_build_certificate_staple_ca, "/builder/build_certificate_staple_ca");
+	p11_test (test_build_certificate_no_type, "/builder/build_certificate_no_type");
+	p11_test (test_build_certificate_bad_type, "/builder/build_certificate_bad_type");
+	p11_test (test_build_extension, "/builder/build_extension");
+	p11_test (test_build_distant_end_date, "/builder/build_distant_end_date");
+	p11_test (test_create_not_settable, "/builder/create_not_settable");
+	p11_test (test_create_but_loadable, "/builder/create_but_loadable");
+	p11_test (test_create_unsupported, "/builder/create_unsupported");
+	p11_test (test_create_generated, "/builder/create_generated");
+	p11_test (test_create_bad_attribute, "/builder/create_bad_attribute");
+	p11_test (test_create_missing_attribute, "/builder/create_missing_attribute");
+	p11_test (test_create_no_class, "/builder/create_no_class");
+	p11_test (test_create_token_mismatch, "/builder/create_token_mismatch");
+	p11_test (test_modify_success, "/builder/modify_success");
+	p11_test (test_modify_read_only, "/builder/modify_read_only");
+	p11_test (test_modify_unchanged, "/builder/modify_unchanged");
+	p11_test (test_modify_not_modifiable, "/builder/modify_not_modifiable");
+
+	p11_test (test_changed_trusted_certificate, "/builder/changed_trusted_certificate");
+	p11_test (test_changed_distrust_value, "/builder/changed_distrust_value");
+	p11_test (test_changed_distrust_serial, "/builder/changed_distrust_serial");
+	p11_test (test_changed_without_id, "/builder/changed_without_id");
+	p11_test (test_changed_staple_ca, "/builder/changed_staple_ca");
+	p11_test (test_changed_staple_ku, "/builder/changed_staple_ku");
+	p11_test (test_changed_dup_certificates, "/builder/changed_dup_certificates");
+	return p11_test_run (argc, argv);
 }
diff --git a/trust/tests/test-index.c b/trust/tests/test-index.c
index 8405061..85c44b7 100644
--- a/trust/tests/test-index.c
+++ b/trust/tests/test-index.c
@@ -33,8 +33,10 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-trust.h"
 
+#include 
 #include 
 #include 
 #include 
@@ -44,28 +46,26 @@
 #include "index.h"
 #include "message.h"
 
-#include "test-data.h"
-
 struct {
 	p11_index *index;
 } test;
 
 static void
-setup (CuTest *cu)
+setup (void *unused)
 {
 	test.index = p11_index_new (NULL, NULL, NULL);
-	CuAssertPtrNotNull (cu, test.index);
+	assert_ptr_not_null (test.index);
 }
 
 static void
-teardown (CuTest *cu)
+teardown (void *unused)
 {
 	p11_index_free (test.index);
 	memset (&test, 0, sizeof (test));
 }
 
 static void
-test_take_lookup (CuTest *cu)
+test_take_lookup (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -78,26 +78,22 @@ test_take_lookup (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = p11_attrs_dup (original);
 	rv = p11_index_take (test.index, attrs, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, original, check);
+	test_check_attrs (original, check);
 
 	check = p11_index_lookup (test.index, 1UL);
-	CuAssertPtrEquals (cu, NULL, check);
+	assert_ptr_eq (NULL, check);
 
 	check = p11_index_lookup (test.index, 0UL);
-	CuAssertPtrEquals (cu, NULL, check);
-
-	teardown (cu);
+	assert_ptr_eq (NULL, check);
 }
 
 static void
-test_add_lookup (CuTest *cu)
+test_add_lookup (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -109,19 +105,15 @@ test_add_lookup (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = p11_index_add (test.index, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, original, check);
-
-	teardown (cu);
+	test_check_attrs (original, check);
 }
 
 static void
-test_size (CuTest *cu)
+test_size (void)
 {
 	static CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -131,20 +123,16 @@ test_size (CuTest *cu)
 
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = p11_index_add (test.index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = p11_index_add (test.index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = p11_index_add (test.index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	CuAssertIntEquals (cu, 3, p11_index_size (test.index));
+	assert (rv == CKR_OK);
 
-	teardown (cu);
+	assert_num_eq (3, p11_index_size (test.index));
 }
 
 static int
@@ -162,7 +150,7 @@ compar_ulong (const void *one,
 }
 
 static void
-test_snapshot (CuTest *cu)
+test_snapshot (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -175,29 +163,26 @@ test_snapshot (CuTest *cu)
 	CK_OBJECT_HANDLE *snapshot;
 	int i;
 
-	setup (cu);
-
 	for (i = 0; i < NUM; i++)
 		p11_index_add (test.index, original, 2, expected + i);
 
 	snapshot = p11_index_snapshot (test.index, NULL, NULL, 0);
-	CuAssertPtrNotNull (cu, snapshot);
+	assert_ptr_not_null (snapshot);
 
 	for (i = 0; i < NUM; i++)
-		CuAssertTrue (cu, snapshot[i] != 0);
-	CuAssertTrue (cu, snapshot[NUM] == 0);
+		assert (snapshot[i] != 0);
+	assert (snapshot[NUM] == 0);
 
 	qsort (snapshot, NUM, sizeof (CK_OBJECT_HANDLE), compar_ulong);
 
 	for (i = 0; i < NUM; i++)
-		CuAssertIntEquals (cu, expected[i], snapshot[i]);
+		assert_num_eq (expected[i], snapshot[i]);
 
 	free (snapshot);
-	teardown (cu);
 }
 
 static void
-test_snapshot_base (CuTest *cu)
+test_snapshot_base (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -211,31 +196,28 @@ test_snapshot_base (CuTest *cu)
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	for (i = 0; i < NUM; i++) {
 		rv = p11_index_add (test.index, original, 2, expected + i);
-		CuAssertTrue (cu, rv == CKR_OK);
+		assert (rv == CKR_OK);
 	}
 
 	snapshot = p11_index_snapshot (test.index, test.index, NULL, 0);
-	CuAssertPtrNotNull (cu, snapshot);
+	assert_ptr_not_null (snapshot);
 
 	for (i = 0; i < NUM * 2; i++)
-		CuAssertTrue (cu, snapshot[i] != 0);
-	CuAssertTrue (cu, snapshot[NUM * 2] == 0);
+		assert (snapshot[i] != 0);
+	assert (snapshot[NUM * 2] == 0);
 
 	qsort (snapshot, NUM * 2, sizeof (CK_OBJECT_HANDLE), compar_ulong);
 
 	for (i = 0; i < NUM * 2; i++)
-		CuAssertIntEquals (cu, expected[i / 2], snapshot[i]);
+		assert_num_eq (expected[i / 2], snapshot[i]);
 
 	free (snapshot);
-	teardown (cu);
 }
 
 static void
-test_remove (CuTest *cu)
+test_remove (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -248,29 +230,25 @@ test_remove (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = p11_attrs_dup (original);
 	rv = p11_index_take (test.index, attrs, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	CuAssertPtrEquals (cu, attrs, check);
+	assert_ptr_eq (attrs, check);
 
 	rv = p11_index_remove (test.index, 1UL);
-	CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
 
 	rv = p11_index_remove (test.index, handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	CuAssertPtrEquals (cu, NULL, check);
-
-	teardown (cu);
+	assert_ptr_eq (NULL, check);
 }
 
 static void
-test_set (CuTest *cu)
+test_set (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -291,29 +269,25 @@ test_set (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = p11_attrs_dup (original);
 	rv = p11_index_take (test.index, attrs, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, original, check);
+	test_check_attrs (original, check);
 
 	rv = p11_index_set (test.index, handle, &change, 1);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, changed, check);
+	test_check_attrs (changed, check);
 
 	rv = p11_index_set (test.index, 1UL, &change, 1);
-	CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID);
-
-	teardown (cu);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
 }
 
 static void
-test_update (CuTest *cu)
+test_update (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -334,31 +308,27 @@ test_update (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	attrs = p11_attrs_dup (original);
 	rv = p11_index_take (test.index, attrs, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, original, check);
+	test_check_attrs (original, check);
 
 	attrs = p11_attrs_build (NULL, &change, NULL);
 	rv = p11_index_update (test.index, handle, attrs);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (test.index, handle);
-	test_check_attrs (cu, changed, check);
+	test_check_attrs (changed, check);
 
 	attrs = p11_attrs_build (NULL, &change, NULL);
 	rv = p11_index_update (test.index, 1L, attrs);
-	CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID);
-
-	teardown (cu);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
 }
 
 static void
-test_find (CuTest *tc)
+test_find (void)
 {
 	CK_ATTRIBUTE first[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -399,31 +369,27 @@ test_find (CuTest *tc)
 	CK_OBJECT_HANDLE two;
 	CK_OBJECT_HANDLE three;
 
-	setup (tc);
-
 	p11_index_add (test.index, first, 2, &one);
 	p11_index_add (test.index, second, 2, &two);
 	p11_index_add (test.index, third, 2, &three);
 
 	check = p11_index_find (test.index, match3, -1);
-	CuAssertIntEquals (tc, three, check);
+	assert_num_eq (three, check);
 
 	check = p11_index_find (test.index, match3, 1);
-	CuAssertIntEquals (tc, three, check);
+	assert_num_eq (three, check);
 
 	check = p11_index_find (test.index, match_any, -1);
-	CuAssertTrue (tc, check == one || check == two || check == three);
+	assert (check == one || check == two || check == three);
 
 	check = p11_index_find (test.index, match_any, 1);
-	CuAssertTrue (tc, check == one || check == two || check == three);
+	assert (check == one || check == two || check == three);
 
 	check = p11_index_find (test.index, match_none, -1);
-	CuAssertIntEquals (tc, 0, check);
+	assert_num_eq (0, check);
 
 	check = p11_index_find (test.index, match_none, 2);
-	CuAssertIntEquals (tc, 0, check);
-
-	teardown (tc);
+	assert_num_eq (0, check);
 }
 
 static bool
@@ -464,7 +430,7 @@ handles_are (CK_OBJECT_HANDLE *handles,
 }
 
 static void
-test_find_all (CuTest *tc)
+test_find_all (void)
 {
 	CK_ATTRIBUTE first[] = {
 		{ CKA_LABEL, "odd", 3 },
@@ -513,44 +479,40 @@ test_find_all (CuTest *tc)
 	CK_OBJECT_HANDLE two;
 	CK_OBJECT_HANDLE three;
 
-	setup (tc);
-
 	p11_index_add (test.index, first, 3, &one);
 	p11_index_add (test.index, second, 3, &two);
 	p11_index_add (test.index, third, 3, &three);
 
 	check = p11_index_find_all (test.index, match_3, -1);
-	CuAssertTrue (tc, handles_are (check, three, 0UL));
+	assert (handles_are (check, three, 0UL));
 	free (check);
 
 	check = p11_index_find_all (test.index, match_none, -1);
-	CuAssertTrue (tc, handles_are (check, 0UL));
+	assert (handles_are (check, 0UL));
 	free (check);
 
 	check = p11_index_find_all (test.index, match_odd, -1);
-	CuAssertTrue (tc, handles_are (check, one, three, 0UL));
+	assert (handles_are (check, one, three, 0UL));
 	free (check);
 
 	check = p11_index_find_all (test.index, match_any, -1);
-	CuAssertTrue (tc, handles_are (check, one, two, three, 0UL));
+	assert (handles_are (check, one, two, three, 0UL));
 	free (check);
 
 	check = p11_index_find_all (test.index, match_none, -1);
-	CuAssertPtrNotNull (tc, check);
-	CuAssertIntEquals (tc, 0, check[0]);
+	assert_ptr_not_null (check);
+	assert_num_eq (0, check[0]);
 	free (check);
 
 	/* A double check of this method */
 	one = 0UL;
 	check = &one;
-	CuAssertTrue (tc, !handles_are (check, 29292929, 0UL));
-	CuAssertTrue (tc, !handles_are (NULL, 0UL));
-
-	teardown (tc);
+	assert (!handles_are (check, 29292929, 0UL));
+	assert (!handles_are (NULL, 0UL));
 }
 
 static void
-test_find_realloc (CuTest *tc)
+test_find_realloc (void)
 {
 	CK_ATTRIBUTE attrs[] = {
 		{ CKA_LABEL, "odd", 3 },
@@ -566,24 +528,21 @@ test_find_realloc (CuTest *tc)
 	CK_OBJECT_HANDLE *check;
 	int i;
 
-	setup (tc);
-
 	for (i = 0; i < 1000; i++)
 		p11_index_add (test.index, attrs, 3, NULL);
 
 	check = p11_index_find_all (test.index, match, -1);
-	CuAssertPtrNotNull (tc, check);
+	assert_ptr_not_null (check);
 
 	for (i = 0; i < 1000; i++)
-		CuAssertTrue (tc, check[i] != 0);
-	CuAssertIntEquals (tc, 0, check[1000]);
+		assert (check[i] != 0);
+	assert_num_eq (0, check[1000]);
 
 	free (check);
-	teardown (tc);
 }
 
 static void
-test_replace_all (CuTest *tc)
+test_replace_all (void)
 {
 	CK_ATTRIBUTE first[] = {
 		{ CKA_LABEL, "odd", 3 },
@@ -647,16 +606,14 @@ test_replace_all (CuTest *tc)
 	p11_array *array;
 	CK_RV rv;
 
-	setup (tc);
-
 	p11_index_add (test.index, first, 3, &one);
-	CuAssertTrue (tc, one != 0);
+	assert (one != 0);
 	p11_index_add (test.index, second, 3, &two);
-	CuAssertTrue (tc, two != 0);
+	assert (two != 0);
 	p11_index_add (test.index, third, 3, &three);
-	CuAssertTrue (tc, three != 0);
+	assert (three != 0);
 	p11_index_add (test.index, fifth, 3, &five);
-	CuAssertTrue (tc, five != 0);
+	assert (five != 0);
 
 	array = p11_array_new (p11_attrs_free);
 	p11_array_push (array, p11_attrs_buildn (NULL, eins, 3));
@@ -664,38 +621,36 @@ test_replace_all (CuTest *tc)
 	p11_array_push (array, p11_attrs_buildn (NULL, neun, 3));
 
 	rv = p11_index_replace_all (test.index, match, CKA_VALUE, array);
-	CuAssertTrue (tc, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (tc, 0, array->num);
+	assert_num_eq (0, array->num);
 	p11_array_free (array);
 
 	/* eins should have replaced one */
 	check = p11_index_find (test.index, eins, -1);
-	CuAssertIntEquals (tc, one, check);
+	assert_num_eq (one, check);
 
 	/* two should still be around */
 	check = p11_index_find (test.index, second, -1);
-	CuAssertIntEquals (tc, two, check);
+	assert_num_eq (two, check);
 
 	/* three should have been removed */
 	check = p11_index_find (test.index, third, -1);
-	CuAssertIntEquals (tc, 0, check);
+	assert_num_eq (0, check);
 
 	/* five should have been removed */
 	check = p11_index_find (test.index, fifth, -1);
-	CuAssertIntEquals (tc, 0, check);
+	assert_num_eq (0, check);
 
 	/* sieben should have been added */
 	check = p11_index_find (test.index, sieben, -1);
-	CuAssertTrue (tc, check != one && check != two && check != three && check != five);
+	assert (check != one && check != two && check != three && check != five);
 
 	/* neun should have been added */
 	check = p11_index_find (test.index, neun, -1);
-	CuAssertTrue (tc, check != one && check != two && check != three && check != five);
-
-	CuAssertIntEquals (tc, 4, p11_index_size (test.index));
+	assert (check != one && check != two && check != three && check != five);
 
-	teardown (tc);
+	assert_num_eq (4, p11_index_size (test.index));
 }
 
 
@@ -705,17 +660,16 @@ on_build_populate (void *data,
                    CK_ATTRIBUTE **attrs,
                    CK_ATTRIBUTE *merge)
 {
-	CuTest *cu = data;
-
 	CK_ATTRIBUTE override[] = {
 		{ CKA_APPLICATION, "vigorous", 8 },
 		{ CKA_LABEL, "naay", 4 },
 		{ CKA_INVALID },
 	};
 
-	CuAssertPtrNotNull (cu, index);
-	CuAssertPtrNotNull (cu, attrs);
-	CuAssertPtrNotNull (cu, merge);
+	assert_str_eq (data, "blah");
+	assert_ptr_not_null (index);
+	assert_ptr_not_null (attrs);
+	assert_ptr_not_null (merge);
 
 	*attrs = p11_attrs_merge (*attrs, merge, true);
 	*attrs = p11_attrs_merge (*attrs, p11_attrs_dup (override), true);
@@ -723,7 +677,7 @@ on_build_populate (void *data,
 }
 
 static void
-test_build_populate (CuTest *cu)
+test_build_populate (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -744,24 +698,24 @@ test_build_populate (CuTest *cu)
 	p11_index *index;
 	CK_RV rv;
 
-	index = p11_index_new (on_build_populate, NULL, cu);
-	CuAssertPtrNotNull (cu, index);
+	index = p11_index_new (on_build_populate, NULL, "blah");
+	assert_ptr_not_null (index);
 
 	rv = p11_index_add (index, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (index, handle);
-	CuAssertPtrNotNull (cu, check);
+	assert_ptr_not_null (check);
 
-	test_check_attrs (cu, after, check);
+	test_check_attrs (after, check);
 
 	rv = p11_index_set (index, handle, original, 2);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	check = p11_index_lookup (index, handle);
-	CuAssertPtrNotNull (cu, check);
+	assert_ptr_not_null (check);
 
-	test_check_attrs (cu, after, check);
+	test_check_attrs (after, check);
 
 	p11_index_free (index);
 }
@@ -772,14 +726,13 @@ on_build_fail (void *data,
                CK_ATTRIBUTE **attrs,
                CK_ATTRIBUTE *merge)
 {
-	CuTest *cu = data;
-
 	CK_ATTRIBUTE check[] = {
 		{ CKA_LABEL, "nay", 3 },
 		{ CKA_INVALID }
 	};
 
-	CuAssertPtrNotNull (cu, merge);
+	assert_str_eq (data, "testo");
+	assert_ptr_not_null (merge);
 
 	if (p11_attrs_match (merge, check))
 		return CKR_DEVICE_ERROR;
@@ -790,7 +743,7 @@ on_build_fail (void *data,
 
 
 static void
-test_build_fail (CuTest *cu)
+test_build_fail (void)
 {
 	CK_ATTRIBUTE okay[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -808,20 +761,20 @@ test_build_fail (CuTest *cu)
 	p11_index *index;
 	CK_RV rv;
 
-	index = p11_index_new (on_build_fail, NULL, cu);
-	CuAssertPtrNotNull (cu, index);
+	index = p11_index_new (on_build_fail, NULL, "testo");
+	assert_ptr_not_null (index);
 
 	rv = p11_index_add (index, okay, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = p11_index_add (index, fails, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_DEVICE_ERROR);
+	assert (rv == CKR_DEVICE_ERROR);
 
 	rv = p11_index_set (index, handle, fails, 2);
-	CuAssertTrue (cu, rv == CKR_DEVICE_ERROR);
+	assert (rv == CKR_DEVICE_ERROR);
 
 	rv = p11_index_set (index, handle, okay, 2);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	p11_index_free (index);
 }
@@ -836,8 +789,6 @@ on_change_check (void *data,
                  CK_OBJECT_HANDLE handle,
                  CK_ATTRIBUTE *attrs)
 {
-	CuTest *cu = data;
-
 	CK_ATTRIBUTE check[] = {
 		{ CKA_LABEL, "yay", 3 },
 		{ CKA_VALUE, "eight", 5 },
@@ -845,22 +796,23 @@ on_change_check (void *data,
 
 	};
 
-	CuAssertPtrNotNull (cu, index);
-	CuAssertPtrNotNull (cu, attrs);
+	assert_str_eq (data, "change-check");
+	assert_ptr_not_null (index);
+	assert_ptr_not_null (attrs);
 
 	if (!on_change_batching) {
 		if (on_change_removing)
-			CuAssertIntEquals (cu, 0, handle);
+			assert_num_eq (0, handle);
 		else
-			CuAssertTrue (cu, handle != 0);
+			assert (handle != 0);
 	}
 
-	test_check_attrs (cu, check, attrs);
+	test_check_attrs (check, attrs);
 	on_change_called++;
 }
 
 static void
-test_change_called (CuTest *cu)
+test_change_called (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -873,39 +825,39 @@ test_change_called (CuTest *cu)
 	p11_index *index;
 	CK_RV rv;
 
-	index = p11_index_new (NULL, on_change_check, cu);
-	CuAssertPtrNotNull (cu, index);
+	index = p11_index_new (NULL, on_change_check, "change-check");
+	assert_ptr_not_null (index);
 
 	on_change_removing = false;
 	on_change_called = 0;
 
 	rv = p11_index_add (index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 1, on_change_called);
+	assert_num_eq (1, on_change_called);
 
 	rv = p11_index_add (index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 2, on_change_called);
+	assert_num_eq (2, on_change_called);
 
 	rv = p11_index_add (index, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 3, on_change_called);
+	assert_num_eq (3, on_change_called);
 
 	on_change_removing = true;
 
 	rv = p11_index_remove (index, handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 4, on_change_called);
+	assert_num_eq (4, on_change_called);
 
 	p11_index_free (index);
 }
 
 static void
-test_change_batch (CuTest *cu)
+test_change_batch (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -918,38 +870,38 @@ test_change_batch (CuTest *cu)
 	p11_index *index;
 	CK_RV rv;
 
-	index = p11_index_new (NULL, on_change_check, cu);
-	CuAssertPtrNotNull (cu, index);
+	index = p11_index_new (NULL, on_change_check, "change-check");
+	assert_ptr_not_null (index);
 
 	on_change_batching = true;
 	on_change_called = 0;
 
 	p11_index_batch (index);
 
-	CuAssertTrue (cu, p11_index_in_batch (index));
+	assert (p11_index_in_batch (index));
 
 	rv = p11_index_add (index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 0, on_change_called);
+	assert_num_eq (0, on_change_called);
 
 	rv = p11_index_add (index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 0, on_change_called);
+	assert_num_eq (0, on_change_called);
 
 	rv = p11_index_add (index, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 0, on_change_called);
+	assert_num_eq (0, on_change_called);
 
 	/* Nested batch is a noop */
 	p11_index_batch (index);
 
 	rv = p11_index_remove (index, handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
-	CuAssertIntEquals (cu, 0, on_change_called);
+	assert_num_eq (0, on_change_called);
 
 	/*
 	 * Batch finishes when first finish call is called,
@@ -957,18 +909,18 @@ test_change_batch (CuTest *cu)
 	 */
 	p11_index_finish (index);
 
-	CuAssertTrue (cu, !p11_index_in_batch (index));
+	assert (!p11_index_in_batch (index));
 
 	/*
 	 * Only three calls, because later operations on the
 	 * same handle override the earlier one.
 	 */
-	CuAssertIntEquals (cu, 3, on_change_called);
+	assert_num_eq (3, on_change_called);
 
 	/* This is a noop */
 	p11_index_finish (index);
 
-	CuAssertTrue (cu, !p11_index_in_batch (index));
+	assert (!p11_index_in_batch (index));
 
 	p11_index_free (index);
 }
@@ -979,7 +931,6 @@ on_change_nested (void *data,
                   CK_OBJECT_HANDLE handle,
                   CK_ATTRIBUTE *attrs)
 {
-	CuTest *cu = data;
 	CK_RV rv;
 
 	CK_ATTRIBUTE second[] = {
@@ -989,15 +940,16 @@ on_change_nested (void *data,
 
 	};
 
+	assert_str_eq (data, "change-nested");
 	on_change_called++;
 
 	/* A nested call */
 	rv = p11_index_add (index, second, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_change_nested (CuTest *cu)
+test_change_nested (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_LABEL, "yay", 3 },
@@ -1009,61 +961,50 @@ test_change_nested (CuTest *cu)
 	p11_index *index;
 	CK_RV rv;
 
-	index = p11_index_new (NULL, on_change_nested, cu);
-	CuAssertPtrNotNull (cu, index);
+	index = p11_index_new (NULL, on_change_nested, "change-nested");
+	assert_ptr_not_null (index);
 
 	on_change_called = 0;
 	rv = p11_index_add (index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertIntEquals (cu, 1, on_change_called);
+	assert (rv == CKR_OK);
+	assert_num_eq (1, on_change_called);
 
 
 	on_change_called = 0;
 	p11_index_batch (index);
 	rv = p11_index_add (index, original, 2, NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 	p11_index_finish (index);
-	CuAssertIntEquals (cu, 1, on_change_called);
+	assert_num_eq (1, on_change_called);
 
 	p11_index_free (index);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
 	p11_message_quiet ();
 
-	SUITE_ADD_TEST (suite, test_add_lookup);
-	SUITE_ADD_TEST (suite, test_take_lookup);
-	SUITE_ADD_TEST (suite, test_size);
-	SUITE_ADD_TEST (suite, test_remove);
-	SUITE_ADD_TEST (suite, test_snapshot);
-	SUITE_ADD_TEST (suite, test_snapshot_base);
-	SUITE_ADD_TEST (suite, test_set);
-	SUITE_ADD_TEST (suite, test_update);
-	SUITE_ADD_TEST (suite, test_find);
-	SUITE_ADD_TEST (suite, test_find_all);
-	SUITE_ADD_TEST (suite, test_find_realloc);
-	SUITE_ADD_TEST (suite, test_replace_all);
-	SUITE_ADD_TEST (suite, test_build_populate);
-	SUITE_ADD_TEST (suite, test_build_fail);
-	SUITE_ADD_TEST (suite, test_change_called);
-	SUITE_ADD_TEST (suite, test_change_batch);
-	SUITE_ADD_TEST (suite, test_change_nested);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_fixture (setup, teardown);
+	p11_test (test_add_lookup, "/index/add_lookup");
+	p11_test (test_take_lookup, "/index/take_lookup");
+	p11_test (test_size, "/index/size");
+	p11_test (test_remove, "/index/remove");
+	p11_test (test_snapshot, "/index/snapshot");
+	p11_test (test_snapshot_base, "/index/snapshot_base");
+	p11_test (test_set, "/index/set");
+	p11_test (test_update, "/index/update");
+	p11_test (test_find, "/index/find");
+	p11_test (test_find_all, "/index/find_all");
+	p11_test (test_find_realloc, "/index/find_realloc");
+	p11_test (test_replace_all, "/index/replace_all");
+
+	p11_fixture (NULL, NULL);
+	p11_test (test_build_populate, "/index/build_populate");
+	p11_test (test_build_fail, "/index/build_fail");
+	p11_test (test_change_called, "/index/change_called");
+	p11_test (test_change_batch, "/index/change_batch");
+	p11_test (test_change_nested, "/index/change_nested");
+	return p11_test_run (argc, argv);
 }
diff --git a/trust/tests/test-module.c b/trust/tests/test-module.c
index 472263a..45ec74d 100644
--- a/trust/tests/test-module.c
+++ b/trust/tests/test-module.c
@@ -32,21 +32,21 @@
  * Author: Stef Walter 
  */
 
+#define CRYPTOKI_EXPORTS
+
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-trust.h"
 
 #include 
 #include 
 #include 
 
-#define CRYPTOKI_EXPORTS
-
 #include "attrs.h"
 #include "hash.h"
 #include "library.h"
 #include "path.h"
 #include "pkcs11x.h"
-#include "test-data.h"
 #include "token.h"
 
 #include 
@@ -67,7 +67,7 @@ struct {
 } test;
 
 static void
-setup (CuTest *cu)
+setup (void *unused)
 {
 	CK_C_INITIALIZE_ARGS args;
 	const char *paths;
@@ -79,137 +79,68 @@ setup (CuTest *cu)
 
 	/* This is the entry point of the trust module, linked to this test */
 	rv = C_GetFunctionList (&test.module);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	memset (&args, 0, sizeof (args));
 	paths = SRCDIR "/input" P11_PATH_SEP \
 		SRCDIR "/files/self-signed-with-ku.der" P11_PATH_SEP \
 		SRCDIR "/files/thawte.pem";
 	if (asprintf (&arguments, "paths='%s'", paths) < 0)
-		CuAssertTrue (cu, false && "not reached");
+		assert (false && "not reached");
 	args.pReserved = arguments;
 	args.flags = CKF_OS_LOCKING_OK;
 
 	rv = test.module->C_Initialize (&args);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	free (arguments);
 
 	count = NUM_SLOTS;
 	rv = test.module->C_GetSlotList (CK_TRUE, test.slots, &count);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertTrue (cu, count == NUM_SLOTS);
+	assert (rv == CKR_OK);
+	assert (count == NUM_SLOTS);
 }
 
 static void
-teardown (CuTest *cu)
+teardown (void *unused)
 {
 	CK_RV rv;
 
 	rv = test.module->C_Finalize (NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	memset (&test, 0, sizeof (test));
 }
 
 static void
-test_get_slot_list (CuTest *cu)
+test_get_slot_list (void)
 {
 	CK_SLOT_ID slots[NUM_SLOTS];
 	CK_ULONG count;
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	rv = test.module->C_GetSlotList (TRUE, NULL, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (NUM_SLOTS, count);
 
 	count = 1;
 	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	CuAssertIntEquals (cu, CKR_BUFFER_TOO_SMALL, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	assert_num_eq (CKR_BUFFER_TOO_SMALL, rv);
+	assert_num_eq (NUM_SLOTS, count);
 
 	count = NUM_SLOTS;
 	memset (slots, 0, sizeof (slots));
 	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (NUM_SLOTS, count);
 
 	for (i = 0; i < NUM_SLOTS; i++)
-		CuAssertTrue (cu, slots[i] != 0);
-
-	teardown (cu);
-}
-
-static void
-test_null_initialize (CuTest *cu)
-{
-	CK_FUNCTION_LIST *module;
-	CK_RV rv;
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&module);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	rv = module->C_Initialize (NULL);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	rv = module->C_Finalize (NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-}
-
-static void
-test_multi_initialize (CuTest *cu)
-{
-	static CK_C_INITIALIZE_ARGS args =
-		{ NULL, NULL, NULL, NULL, CKF_OS_LOCKING_OK, NULL, };
-	CK_FUNCTION_LIST *module;
-	CK_SESSION_HANDLE session;
-	CK_SLOT_ID slots[8];
-	CK_SESSION_INFO info;
-	CK_ULONG count;
-	CK_RV rv;
-
-	/* This is the entry point of the trust module, linked to this test */
-	rv = C_GetFunctionList (&module);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	rv = module->C_Initialize (&args);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	count = 8;
-	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertTrue (cu, count > 0);
-
-	rv = module->C_OpenSession (slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	rv = module->C_GetSessionInfo (session, &info);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertTrue (cu, info.slotID == slots[0]);
-
-	rv = module->C_Initialize (&args);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	rv = module->C_GetSessionInfo (session, &info);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertTrue (cu, info.slotID == slots[0]);
-
-	rv = module->C_Finalize (NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	rv = module->C_Finalize (NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	rv = module->C_Finalize (NULL);
-	CuAssertIntEquals (cu, CKR_CRYPTOKI_NOT_INITIALIZED, rv);
+		assert (slots[i] != 0);
 }
 
 static void
-test_get_slot_info (CuTest *cu)
+test_get_slot_info (void)
 {
 	CK_SLOT_ID slots[NUM_SLOTS];
 	CK_SLOT_INFO info;
@@ -226,30 +157,26 @@ test_get_slot_info (CuTest *cu)
 		SRCDIR "/files/thawte.pem"
 	};
 
-	setup (cu);
-
 	count = NUM_SLOTS;
 	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (NUM_SLOTS, count);
 
 	for (i = 0; i < NUM_SLOTS; i++) {
 		rv = test.module->C_GetSlotInfo (slots[i], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
 		memset (description, ' ', sizeof (description));
 		length = strlen(paths[i]);
 		if (length > sizeof (description))
 			length = sizeof (description);
 		memcpy (description, paths[i], length);
-		CuAssertTrue (cu, memcmp (info.slotDescription, description, sizeof (description)) == 0);
+		assert (memcmp (info.slotDescription, description, sizeof (description)) == 0);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_get_token_info (CuTest *cu)
+test_get_token_info (void)
 {
 	CK_C_INITIALIZE_ARGS args;
 	CK_FUNCTION_LIST *module;
@@ -269,7 +196,7 @@ test_get_token_info (CuTest *cu)
 
 	/* This is the entry point of the trust module, linked to this test */
 	rv = C_GetFunctionList (&module);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	memset (&args, 0, sizeof (args));
 	args.pReserved = "paths='" \
@@ -279,28 +206,28 @@ test_get_token_info (CuTest *cu)
 	args.flags = CKF_OS_LOCKING_OK;
 
 	rv = module->C_Initialize (&args);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	count = NUM_SLOTS;
 	rv = module->C_GetSlotList (CK_TRUE, slots, &count);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertTrue (cu, count == NUM_SLOTS);
+	assert (rv == CKR_OK);
+	assert (count == NUM_SLOTS);
 
 	for (i = 0; i < NUM_SLOTS; i++) {
 		rv = module->C_GetTokenInfo (slots[i], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
 		memset (label, ' ', sizeof (label));
 		memcpy (label, labels[i], strlen (labels[i]));
-		CuAssertTrue (cu, memcmp (info.label, label, sizeof (label)) == 0);
+		assert (memcmp (info.label, label, sizeof (label)) == 0);
 	}
 
 	rv = module->C_Finalize (NULL);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static void
-test_get_session_info (CuTest *cu)
+test_get_session_info (void)
 {
 	CK_SLOT_ID slots[NUM_SLOTS];
 	CK_SESSION_HANDLE sessions[NUM_SLOTS];
@@ -309,30 +236,26 @@ test_get_session_info (CuTest *cu)
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	count = NUM_SLOTS;
 	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (NUM_SLOTS, count);
 
 	/* Open two sessions with each token */
 	for (i = 0; i < NUM_SLOTS; i++) {
 		rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i]);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
 		rv = test.module->C_GetSessionInfo (sessions[i], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
-		CuAssertIntEquals (cu, slots[i], info.slotID);
-		CuAssertIntEquals (cu, CKF_SERIAL_SESSION, info.flags);
+		assert_num_eq (slots[i], info.slotID);
+		assert_num_eq (CKF_SERIAL_SESSION, info.flags);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_close_all_sessions (CuTest *cu)
+test_close_all_sessions (void)
 {
 	CK_SLOT_ID slots[NUM_SLOTS];
 	CK_SESSION_HANDLE sessions[NUM_SLOTS][2];
@@ -341,52 +264,47 @@ test_close_all_sessions (CuTest *cu)
 	CK_RV rv;
 	int i;
 
-	setup (cu);
-
 	count = NUM_SLOTS;
 	rv = test.module->C_GetSlotList (TRUE, slots, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (NUM_SLOTS, count);
 
 	/* Open two sessions with each token */
 	for (i = 0; i < NUM_SLOTS; i++) {
 		rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][0]);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
 		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
 		rv = test.module->C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL, &sessions[i][1]);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 
 		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 	}
 
 	/* Close all the sessions on the first token */
 	rv = test.module->C_CloseAllSessions (slots[0]);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Those sessions should be closed */
 	rv = test.module->C_GetSessionInfo (sessions[0][0], &info);
-	CuAssertIntEquals (cu, CKR_SESSION_HANDLE_INVALID, rv);
+	assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
 	rv = test.module->C_GetSessionInfo (sessions[0][1], &info);
-	CuAssertIntEquals (cu, CKR_SESSION_HANDLE_INVALID, rv);
+	assert_num_eq (CKR_SESSION_HANDLE_INVALID, rv);
 
 	/* Other sessions should still be open */
 	for (i = 1; i < NUM_SLOTS; i++) {
 		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 		rv = test.module->C_GetSessionInfo (sessions[i][0], &info);
-		CuAssertIntEquals (cu, CKR_OK, rv);
+		assert_num_eq (CKR_OK, rv);
 	}
-
-	teardown (cu);
 }
 
 static CK_ULONG
-find_objects (CuTest *cu,
-              CK_ATTRIBUTE *match,
+find_objects (CK_ATTRIBUTE *match,
               CK_OBJECT_HANDLE *sessions,
               CK_OBJECT_HANDLE *objects,
               CK_ULONG max_objects)
@@ -400,14 +318,14 @@ find_objects (CuTest *cu,
 	found = 0;
 	for (i = 0; i < NUM_SLOTS; i++) {
 		rv = test.module->C_OpenSession (test.slots[i], CKF_SERIAL_SESSION, NULL, NULL, &session);
-		CuAssertTrue (cu, rv == CKR_OK);
+		assert (rv == CKR_OK);
 
 		rv = test.module->C_FindObjectsInit (session, match, p11_attrs_count (match));
-		CuAssertTrue (cu, rv == CKR_OK);
+		assert (rv == CKR_OK);
 		rv = test.module->C_FindObjects (session, objects + found, max_objects - found, &count);
-		CuAssertTrue (cu, rv == CKR_OK);
+		assert (rv == CKR_OK);
 		rv = test.module->C_FindObjectsFinal (session);
-		CuAssertTrue (cu, rv == CKR_OK);
+		assert (rv == CKR_OK);
 
 		for (j = found ; j < found + count; j++)
 			sessions[j] = session;
@@ -419,8 +337,7 @@ find_objects (CuTest *cu,
 }
 
 static void
-check_trust_object_equiv (CuTest *cu,
-                          CK_SESSION_HANDLE session,
+check_trust_object_equiv (CK_SESSION_HANDLE session,
                           CK_OBJECT_HANDLE trust,
                           CK_ATTRIBUTE *cert)
 {
@@ -444,14 +361,13 @@ check_trust_object_equiv (CuTest *cu,
 	};
 
 	rv = test.module->C_GetAttributeValue (session, trust, equiv, 6);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
-	test_check_attrs (cu, equiv, cert);
+	test_check_attrs (equiv, cert);
 }
 
 static void
-check_trust_object_hashes (CuTest *cu,
-                           CK_SESSION_HANDLE session,
+check_trust_object_hashes (CK_SESSION_HANDLE session,
                            CK_OBJECT_HANDLE trust,
                            CK_ATTRIBUTE *cert)
 {
@@ -468,21 +384,20 @@ check_trust_object_hashes (CuTest *cu,
 	};
 
 	rv = test.module->C_GetAttributeValue (session, trust, hashes, 2);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	value = p11_attrs_find_valid (cert, CKA_VALUE);
-	CuAssertPtrNotNull (cu, value);
+	assert_ptr_not_null (value);
 
 	p11_hash_md5 (check, value->pValue, value->ulValueLen, NULL);
-	CuAssertTrue (cu, memcmp (md5, check, sizeof (md5)) == 0);
+	assert (memcmp (md5, check, sizeof (md5)) == 0);
 
 	p11_hash_sha1 (check, value->pValue, value->ulValueLen, NULL);
-	CuAssertTrue (cu, memcmp (sha1, check, sizeof (sha1)) == 0);
+	assert (memcmp (sha1, check, sizeof (sha1)) == 0);
 }
 
 static void
-check_has_trust_object (CuTest *cu,
-                        CK_ATTRIBUTE *cert)
+check_has_trust_object (CK_ATTRIBUTE *cert)
 {
 	CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
 	CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
@@ -493,21 +408,20 @@ check_has_trust_object (CuTest *cu,
 	CK_ULONG count;
 
 	attr = p11_attrs_find_valid (cert, CKA_ID);
-	CuAssertPtrNotNull (cu, attr);
+	assert_ptr_not_null (attr);
 
 	match = p11_attrs_build (NULL, &klass, attr, NULL);
-	count = find_objects (cu, match, sessions, objects, 2);
-	CuAssertIntEquals (cu, 1, count);
+	count = find_objects (match, sessions, objects, 2);
+	assert_num_eq (1, count);
 
-	check_trust_object_equiv (cu, sessions[0], objects[0], cert);
-	check_trust_object_hashes (cu, sessions[0], objects[0], cert);
+	check_trust_object_equiv (sessions[0], objects[0], cert);
+	check_trust_object_hashes (sessions[0], objects[0], cert);
 
 	p11_attrs_free (match);
 }
 
 static void
-check_certificate (CuTest *cu,
-                   CK_SESSION_HANDLE session,
+check_certificate (CK_SESSION_HANDLE session,
                    CK_OBJECT_HANDLE handle)
 {
 	unsigned char label[4096]= { 0, };
@@ -548,7 +462,7 @@ check_certificate (CuTest *cu,
 
 	/* Note that we don't pass the CKA_INVALID attribute in */
 	rv = test.module->C_GetAttributeValue (session, handle, attrs, 15);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	/* If this is the cacert3 certificate, check its values */
 	if (memcmp (value, test_cacert3_ca_der, sizeof (test_cacert3_ca_der)) == 0) {
@@ -565,25 +479,25 @@ check_certificate (CuTest *cu,
 			{ CKA_INVALID, },
 		};
 
-		test_check_cacert3_ca (cu, attrs, NULL);
+		test_check_cacert3_ca (attrs, NULL);
 
 		/* Get anchor specific attributes */
 		rv = test.module->C_GetAttributeValue (session, handle, anchor, 1);
-		CuAssertTrue (cu, rv == CKR_OK);
+		assert (rv == CKR_OK);
 
 		/* It lives in the trusted directory */
-		test_check_attrs (cu, check, anchor);
+		test_check_attrs (check, anchor);
 
 	/* Other certificates, we can't check the values */
 	} else {
-		test_check_object (cu, attrs, CKO_CERTIFICATE, NULL);
+		test_check_object (attrs, CKO_CERTIFICATE, NULL);
 	}
 
-	check_has_trust_object (cu, attrs);
+	check_has_trust_object (attrs);
 }
 
 static void
-test_find_certificates (CuTest *cu)
+test_find_certificates (void)
 {
 	CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
 
@@ -597,19 +511,15 @@ test_find_certificates (CuTest *cu)
 	CK_ULONG count;
 	CK_ULONG i;
 
-	setup (cu);
-
-	count = find_objects (cu, match, sessions, objects, 16);
-	CuAssertIntEquals (cu, 8, count);
+	count = find_objects (match, sessions, objects, 16);
+	assert_num_eq (8, count);
 
 	for (i = 0; i < count; i++)
-		check_certificate (cu, sessions[i], objects[i]);
-
-	teardown (cu);
+		check_certificate (sessions[i], objects[i]);
 }
 
 static void
-test_find_builtin (CuTest *cu)
+test_find_builtin (void)
 {
 	CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST;
 	CK_BBOOL vtrue = CK_TRUE;
@@ -627,17 +537,13 @@ test_find_builtin (CuTest *cu)
 	CK_SESSION_HANDLE sessions[16];
 	CK_ULONG count;
 
-	setup (cu);
-
 	/* One per token */
-	count = find_objects (cu, match, sessions, objects, 16);
-	CuAssertIntEquals (cu, NUM_SLOTS, count);
-
-	teardown (cu);
+	count = find_objects (match, sessions, objects, 16);
+	assert_num_eq (NUM_SLOTS, count);
 }
 
 static void
-test_session_object (CuTest *cu)
+test_session_object (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -651,22 +557,18 @@ test_session_object (CuTest *cu)
 	CK_ULONG size;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_GetObjectSize (session, handle, &size);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	teardown (cu);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_session_find (CuTest *cu)
+test_session_find (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -681,30 +583,26 @@ test_session_find (CuTest *cu)
 	CK_ULONG count;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_FindObjectsInit (session, original, 2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 1, count);
-	CuAssertIntEquals (cu, handle, check);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (1, count);
+	assert_num_eq (handle, check);
 
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	teardown (cu);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static void
-test_session_find_no_attr (CuTest *cu)
+test_session_find_no_attr (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -724,71 +622,59 @@ test_session_find_no_attr (CuTest *cu)
 	CK_ULONG count;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_CreateObject (session, original, 3, &handle);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_FindObjectsInit (session, match, 1);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 0, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (0, count);
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	teardown (cu);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static void
-test_lookup_invalid (CuTest *cu)
+test_lookup_invalid (void)
 {
 	CK_SESSION_HANDLE session;
 	CK_ULONG size;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_GetObjectSize (session, 88888, &size);
-	CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID);
-
-	teardown (cu);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
 }
 
 static void
-test_remove_token (CuTest *cu)
+test_remove_token (void)
 {
 	CK_SESSION_HANDLE session;
 	CK_OBJECT_HANDLE handle;
 	CK_ULONG count;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_FindObjectsInit (session, NULL, 0);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_FindObjects (session, &handle, 1, &count);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertIntEquals (cu, 1, count);
+	assert (rv == CKR_OK);
+	assert_num_eq (1, count);
 
 	rv = test.module->C_DestroyObject (session, handle);
-	CuAssertTrue (cu, rv == CKR_TOKEN_WRITE_PROTECTED);
-
-	teardown (cu);
+	assert (rv == CKR_TOKEN_WRITE_PROTECTED);
 }
 
 static void
-test_setattr_token (CuTest *cu)
+test_setattr_token (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -802,26 +688,22 @@ test_setattr_token (CuTest *cu)
 	CK_ULONG count;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_FindObjectsInit (session, NULL, 0);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_FindObjects (session, &handle, 1, &count);
-	CuAssertTrue (cu, rv == CKR_OK);
-	CuAssertIntEquals (cu, 1, count);
+	assert (rv == CKR_OK);
+	assert_num_eq (1, count);
 
 	rv = test.module->C_SetAttributeValue (session, handle, original, 2);
-	CuAssertTrue (cu, rv == CKR_TOKEN_WRITE_PROTECTED);
-
-	teardown (cu);
+	assert (rv == CKR_TOKEN_WRITE_PROTECTED);
 }
 
 static void
-test_session_copy (CuTest *cu)
+test_session_copy (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -836,25 +718,21 @@ test_session_copy (CuTest *cu)
 	CK_ULONG size;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_CopyObject (session, handle, original, 2, ©);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_GetObjectSize (session, copy, &size);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	teardown (cu);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static void
-test_session_setattr (CuTest *cu)
+test_session_setattr (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -867,22 +745,18 @@ test_session_setattr (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_SetAttributeValue (session, handle, original, 2);
-	CuAssertTrue (cu, rv == CKR_OK);
-
-	teardown (cu);
+	assert (rv == CKR_OK);
 }
 
 static void
-test_session_remove (CuTest *cu)
+test_session_remove (void)
 {
 	CK_ATTRIBUTE original[] = {
 		{ CKA_CLASS, &data, sizeof (data) },
@@ -895,25 +769,21 @@ test_session_remove (CuTest *cu)
 	CK_OBJECT_HANDLE handle;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_CreateObject (session, original, 2, &handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_DestroyObject (session, handle);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	rv = test.module->C_DestroyObject (session, handle);
-	CuAssertTrue (cu, rv == CKR_OBJECT_HANDLE_INVALID);
-
-	teardown (cu);
+	assert (rv == CKR_OBJECT_HANDLE_INVALID);
 }
 
 static void
-test_find_serial_der_decoded (CuTest *cu)
+test_find_serial_der_decoded (void)
 {
 	CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
 
@@ -946,39 +816,35 @@ test_find_serial_der_decoded (CuTest *cu)
 	 * See work_around_broken_nss_serial_number_lookups().
 	 */
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_CreateObject (session, object, 2, &handle);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Do a standard find for the same object */
 	rv = test.module->C_FindObjectsInit (session, object, 2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 1, count);
-	CuAssertIntEquals (cu, handle, check);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (1, count);
+	assert_num_eq (handle, check);
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Do a find for the serial number decoded */
 	rv = test.module->C_FindObjectsInit (session, match_decoded, 2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 1, count);
-	CuAssertIntEquals (cu, handle, check);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (1, count);
+	assert_num_eq (handle, check);
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	teardown (cu);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static void
-test_find_serial_der_mismatch (CuTest *cu)
+test_find_serial_der_mismatch (void)
 {
 	CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
 
@@ -1000,109 +866,92 @@ test_find_serial_der_mismatch (CuTest *cu)
 	CK_ULONG count;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	rv = test.module->C_CreateObject (session, object, 2, &handle);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Do a find with a null serial number, no match */
 	rv = test.module->C_FindObjectsInit (session, match, 2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 0, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (0, count);
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Do a find with a wrong length, no match */
 	match[0].pValue = "at";
 	match[0].ulValueLen = 2;
 	rv = test.module->C_FindObjectsInit (session, match, 2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 0, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (0, count);
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 
 	/* Do a find with a right length, wrong value, no match */
 	match[0].pValue = "one";
 	match[0].ulValueLen = 3;
 	rv = test.module->C_FindObjectsInit (session, match, 2);
-	CuAssertIntEquals (cu, CKR_OK, rv);
+	assert_num_eq (CKR_OK, rv);
 	rv = test.module->C_FindObjects (session, &check, 1, &count);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-	CuAssertIntEquals (cu, 0, count);
+	assert_num_eq (CKR_OK, rv);
+	assert_num_eq (0, count);
 	rv = test.module->C_FindObjectsFinal (session);
-	CuAssertIntEquals (cu, CKR_OK, rv);
-
-	teardown (cu);
+	assert_num_eq (CKR_OK, rv);
 }
 
 static void
-test_login_logout (CuTest *cu)
+test_login_logout (void)
 {
 	CK_SESSION_HANDLE session;
 	CK_RV rv;
 
-	setup (cu);
-
 	rv = test.module->C_OpenSession (test.slots[0], CKF_SERIAL_SESSION, NULL, NULL, &session);
-	CuAssertTrue (cu, rv == CKR_OK);
+	assert (rv == CKR_OK);
 
 	/* Just testing our stubs for now */
 
 	rv = test.module->C_Login (session, CKU_USER, NULL, 0);
-	CuAssertTrue (cu, rv == CKR_USER_TYPE_INVALID);
+	assert (rv == CKR_USER_TYPE_INVALID);
 
 	rv = test.module->C_Logout (session);
-	CuAssertTrue (cu, rv == CKR_USER_NOT_LOGGED_IN);
-
-	teardown (cu);
+	assert (rv == CKR_USER_NOT_LOGGED_IN);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
 	p11_library_init ();
 
-	SUITE_ADD_TEST (suite, test_null_initialize);
-	SUITE_ADD_TEST (suite, test_multi_initialize);
-	SUITE_ADD_TEST (suite, test_get_slot_list);
-	SUITE_ADD_TEST (suite, test_get_slot_info);
-	SUITE_ADD_TEST (suite, test_get_token_info);
-	SUITE_ADD_TEST (suite, test_get_session_info);
-	SUITE_ADD_TEST (suite, test_close_all_sessions);
-	SUITE_ADD_TEST (suite, test_find_certificates);
-	SUITE_ADD_TEST (suite, test_find_builtin);
-	SUITE_ADD_TEST (suite, test_lookup_invalid);
-	SUITE_ADD_TEST (suite, test_remove_token);
-	SUITE_ADD_TEST (suite, test_setattr_token);
-	SUITE_ADD_TEST (suite, test_session_object);
-	SUITE_ADD_TEST (suite, test_session_find);
-	SUITE_ADD_TEST (suite, test_session_find_no_attr);
-	SUITE_ADD_TEST (suite, test_session_copy);
-	SUITE_ADD_TEST (suite, test_session_remove);
-	SUITE_ADD_TEST (suite, test_session_setattr);
-	SUITE_ADD_TEST (suite, test_find_serial_der_decoded);
-	SUITE_ADD_TEST (suite, test_find_serial_der_mismatch);
-	SUITE_ADD_TEST (suite, test_login_logout);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_fixture (setup, teardown);
+	p11_test (test_get_slot_list, "/module/get_slot_list");
+	p11_test (test_get_slot_info, "/module/get_slot_info");
+
+	p11_fixture (NULL, NULL);
+	p11_test (test_get_token_info, "/module/get_token_info");
+
+	p11_fixture (setup, teardown);
+	p11_test (test_get_session_info, "/module/get_session_info");
+	p11_test (test_close_all_sessions, "/module/close_all_sessions");
+	p11_test (test_find_certificates, "/module/find_certificates");
+	p11_test (test_find_builtin, "/module/find_builtin");
+	p11_test (test_lookup_invalid, "/module/lookup_invalid");
+	p11_test (test_remove_token, "/module/remove_token");
+	p11_test (test_setattr_token, "/module/setattr_token");
+	p11_test (test_session_object, "/module/session_object");
+	p11_test (test_session_find, "/module/session_find");
+	p11_test (test_session_find_no_attr, "/module/session_find_no_attr");
+	p11_test (test_session_copy, "/module/session_copy");
+	p11_test (test_session_remove, "/module/session_remove");
+	p11_test (test_session_setattr, "/module/session_setattr");
+	p11_test (test_find_serial_der_decoded, "/module/find_serial_der_decoded");
+	p11_test (test_find_serial_der_mismatch, "/module/find_serial_der_mismatch");
+	p11_test (test_login_logout, "/module/login_logout");
+
+	return p11_test_run (argc, argv);
 }
diff --git a/trust/tests/test-parser.c b/trust/tests/test-parser.c
index 147823a..2b60254 100644
--- a/trust/tests/test-parser.c
+++ b/trust/tests/test-parser.c
@@ -33,7 +33,8 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-trust.h"
 
 #include 
 #include 
@@ -47,7 +48,6 @@
 #include "oid.h"
 #include "parser.h"
 #include "pkcs11x.h"
-#include "test-data.h"
 
 struct {
 	p11_parser *parser;
@@ -56,16 +56,16 @@ struct {
 } test;
 
 static void
-setup (CuTest *cu)
+setup (void *unused)
 {
 	test.index = p11_index_new (NULL, NULL, NULL);
 	test.cache = p11_asn1_cache_new ();
 	test.parser = p11_parser_new (test.index, test.cache);
-	CuAssertPtrNotNull (cu, test.parser);
+	assert_ptr_not_null (test.parser);
 }
 
 static void
-teardown (CuTest *cu)
+teardown (void *unused)
 {
 	p11_parser_free (test.parser);
 	p11_index_free (test.index);
@@ -94,7 +94,7 @@ parsed_attrs (CK_ATTRIBUTE *match)
 }
 
 static void
-test_parse_der_certificate (CuTest *cu)
+test_parse_der_certificate (void)
 {
 	CK_ATTRIBUTE *cert;
 	int ret;
@@ -109,23 +109,19 @@ test_parse_der_certificate (CuTest *cu)
 		{ CKA_INVALID },
 	};
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
 	                      P11_PARSE_FLAG_NONE);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/* Should have gotten certificate */
-	CuAssertIntEquals (cu, 1, p11_index_size (test.index));
+	assert_num_eq (1, p11_index_size (test.index));
 
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, expected, cert);
-
-	teardown (cu);
+	test_check_attrs (expected, cert);
 }
 
 static void
-test_parse_pem_certificate (CuTest *cu)
+test_parse_pem_certificate (void)
 {
 	CK_ATTRIBUTE *cert;
 	int ret;
@@ -140,23 +136,19 @@ test_parse_pem_certificate (CuTest *cu)
 		{ CKA_INVALID },
 	};
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.pem",
 	                      P11_PARSE_FLAG_NONE);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/* Should have gotten certificate  */
-	CuAssertIntEquals (cu, 1, p11_index_size (test.index));
+	assert_num_eq (1, p11_index_size (test.index));
 
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, expected, cert);
-
-	teardown (cu);
+	test_check_attrs (expected, cert);
 }
 
 static void
-test_parse_p11_kit_persist (CuTest *cu)
+test_parse_p11_kit_persist (void)
 {
 	CK_ATTRIBUTE *cert;
 	int ret;
@@ -171,23 +163,19 @@ test_parse_p11_kit_persist (CuTest *cu)
 		{ CKA_INVALID },
 	};
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/input/verisign-v1.p11-kit",
 	                      P11_PARSE_FLAG_NONE);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/* Should have gotten certificate  */
-	CuAssertIntEquals (cu, 1, p11_index_size (test.index));
+	assert_num_eq (1, p11_index_size (test.index));
 
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, expected, cert);
-
-	teardown (cu);
+	test_check_attrs (expected, cert);
 }
 
 static void
-test_parse_openssl_trusted (CuTest *cu)
+test_parse_openssl_trusted (void)
 {
 	CK_ATTRIBUTE cacert3[] = {
 		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
@@ -228,40 +216,36 @@ test_parse_openssl_trusted (CuTest *cu)
 	int ret;
 	int i;
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3-trusted.pem",
 	                      P11_PARSE_FLAG_ANCHOR);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/*
 	 * Should have gotten:
 	 * - 1 certificate
 	 * - 2 stapled extensions
 	 */
-	CuAssertIntEquals (cu, 3, p11_index_size (test.index));
+	assert_num_eq (3, p11_index_size (test.index));
 
 	/* The certificate */
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, expected[0], cert);
+	test_check_attrs (expected[0], cert);
 
 	/* The other objects */
 	for (i = 1; expected[i]; i++) {
 		handle = p11_index_find (test.index, expected[i], 2);
-		CuAssertTrue (cu, handle != 0);
+		assert (handle != 0);
 
 		object = p11_index_lookup (test.index, handle);
-		CuAssertPtrNotNull (cu, object);
+		assert_ptr_not_null (object);
 
-		test_check_attrs (cu, expected[i], object);
-		test_check_id (cu, cert, object);
+		test_check_attrs (expected[i], object);
+		test_check_id (cert, object);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_parse_openssl_distrusted (CuTest *cu)
+test_parse_openssl_distrusted (void)
 {
 	CK_ATTRIBUTE distrust_cert[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate), },
@@ -301,42 +285,38 @@ test_parse_openssl_distrusted (CuTest *cu)
 	int ret;
 	int i;
 
-	setup (cu);
-
 	/*
 	 * OpenSSL style is to litter the blacklist in with the anchors,
 	 * so we parse this as an anchor, but expect it to be blacklisted
 	 */
 	ret = p11_parse_file (test.parser, SRCDIR "/files/distrusted.pem",
 	                      P11_PARSE_FLAG_ANCHOR);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/*
 	 * Should have gotten:
 	 * - 1 certificate
 	 * - 2 stapled extensions
 	 */
-	CuAssertIntEquals (cu, 3, p11_index_size (test.index));
+	assert_num_eq (3, p11_index_size (test.index));
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, expected[0], cert);
+	test_check_attrs (expected[0], cert);
 
 	/* The other objects */
 	for (i = 1; expected[i]; i++) {
 		handle = p11_index_find (test.index, expected[i], 2);
-		CuAssertTrue (cu, handle != 0);
+		assert (handle != 0);
 
 		object = p11_index_lookup (test.index, handle);
-		CuAssertPtrNotNull (cu, object);
+		assert_ptr_not_null (object);
 
-		test_check_attrs (cu, expected[i], object);
-		test_check_id (cu, cert, object);
+		test_check_attrs (expected[i], object);
+		test_check_id (cert, object);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_parse_anchor (CuTest *cu)
+test_parse_anchor (void)
 {
 	CK_ATTRIBUTE cacert3[] = {
 		{ CKA_CERTIFICATE_TYPE, &x509, sizeof (x509) },
@@ -351,26 +331,22 @@ test_parse_anchor (CuTest *cu)
 	CK_ATTRIBUTE *cert;
 	int ret;
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
 	                      P11_PARSE_FLAG_ANCHOR);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/*
 	 * Should have gotten:
 	 * - 1 certificate
 	 */
-	CuAssertIntEquals (cu, 1, p11_index_size (test.index));
+	assert_num_eq (1, p11_index_size (test.index));
 
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, cacert3, cert);
-
-	teardown (cu);
+	test_check_attrs (cacert3, cert);
 }
 
 static void
-test_parse_thawte (CuTest *cu)
+test_parse_thawte (void)
 {
 	CK_ATTRIBUTE *cert;
 	int ret;
@@ -384,61 +360,49 @@ test_parse_thawte (CuTest *cu)
 		{ CKA_INVALID },
 	};
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/thawte.pem",
 	                      P11_PARSE_FLAG_NONE);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	/* Should have gotten certificate  */
-	CuAssertIntEquals (cu, 1, p11_index_size (test.index));
+	assert_num_eq (1, p11_index_size (test.index));
 
 	cert = parsed_attrs (certificate_match);
-	test_check_attrs (cu, expected, cert);
-
-	teardown (cu);
+	test_check_attrs (expected, cert);
 }
 
 /* TODO: A certificate that uses generalTime needs testing */
 
 static void
-test_parse_invalid_file (CuTest *cu)
+test_parse_invalid_file (void)
 {
 	int ret;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	ret = p11_parse_file (test.parser, "/nonexistant",
 	                      P11_PARSE_FLAG_NONE);
-	CuAssertIntEquals (cu, P11_PARSE_FAILURE, ret);
+	assert_num_eq (P11_PARSE_FAILURE, ret);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_parse_unrecognized (CuTest *cu)
+test_parse_unrecognized (void)
 {
 	int ret;
 
-	setup (cu);
-
 	p11_message_quiet ();
 
 	ret = p11_parse_file (test.parser, SRCDIR "/files/unrecognized-file.txt",
 	                      P11_PARSE_FLAG_NONE);
-	CuAssertIntEquals (cu, P11_PARSE_UNRECOGNIZED, ret);
+	assert_num_eq (P11_PARSE_UNRECOGNIZED, ret);
 
 	p11_message_loud ();
-
-	teardown (cu);
 }
 
 static void
-test_duplicate (CuTest *cu)
+test_duplicate (void)
 {
 	CK_ATTRIBUTE cacert3[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -454,36 +418,33 @@ test_duplicate (CuTest *cu)
 	CK_ATTRIBUTE *cert;
 	int ret;
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	p11_message_quiet ();
 
 	/* This shouldn't be added, should print a message */
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
-	CuAssertTrue (cu, strstr (p11_message_last (), "duplicate") != NULL);
+	assert (strstr (p11_message_last (), "duplicate") != NULL);
 
 	p11_message_loud ();
 
 	/* Should only be one certificate since the above two are identical */
 	handles = p11_index_find_all (test.index, cacert3, 2);
-	CuAssertPtrNotNull (cu, handles);
-	CuAssertTrue (cu, handles[0] != 0);
-	CuAssertTrue (cu, handles[1] == 0);
+	assert_ptr_not_null (handles);
+	assert (handles[0] != 0);
+	assert (handles[1] == 0);
 
 	cert = p11_index_lookup (test.index, handles[0]);
-	test_check_attrs (cu, cacert3, cert);
+	test_check_attrs (cacert3, cert);
 
 	free (handles);
-	teardown (cu);
 }
 
 static void
-test_duplicate_priority (CuTest *cu)
+test_duplicate_priority (void)
 {
 	CK_ATTRIBUTE cacert3[] = {
 		{ CKA_CLASS, &certificate, sizeof (certificate) },
@@ -515,29 +476,27 @@ test_duplicate_priority (CuTest *cu)
 	CK_ATTRIBUTE *cert;
 	int ret;
 
-	setup (cu);
-
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der", 0);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	p11_message_quiet ();
 
 	/* This shouldn't be added, should print a message */
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
 	                      P11_PARSE_FLAG_ANCHOR);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
-	CuAssertTrue (cu, strstr (p11_message_last (), "duplicate") != NULL);
+	assert (strstr (p11_message_last (), "duplicate") != NULL);
 
 	p11_message_loud ();
 
 	/* We should now find the trusted certificate */
 	handles = p11_index_find_all (test.index, cacert3, 2);
-	CuAssertPtrNotNull (cu, handles);
-	CuAssertTrue (cu, handles[0] != 0);
-	CuAssertTrue (cu, handles[1] == 0);
+	assert_ptr_not_null (handles);
+	assert (handles[0] != 0);
+	assert (handles[1] == 0);
 	cert = p11_index_lookup (test.index, handles[0]);
-	test_check_attrs (cu, trusted, cert);
+	test_check_attrs (trusted, cert);
 	free (handles);
 
 	/* Now add a distrutsed one, this should override the trusted */
@@ -546,51 +505,35 @@ test_duplicate_priority (CuTest *cu)
 
 	ret = p11_parse_file (test.parser, SRCDIR "/files/cacert3.der",
 	                      P11_PARSE_FLAG_BLACKLIST);
-	CuAssertIntEquals (cu, P11_PARSE_SUCCESS, ret);
+	assert_num_eq (P11_PARSE_SUCCESS, ret);
 
 	p11_message_loud ();
 
 	/* We should now find the distrusted certificate */
 	handles = p11_index_find_all (test.index, cacert3, 2);
-	CuAssertPtrNotNull (cu, handles);
-	CuAssertTrue (cu, handles[0] != 0);
-	CuAssertTrue (cu, handles[1] == 0);
+	assert_ptr_not_null (handles);
+	assert (handles[0] != 0);
+	assert (handles[1] == 0);
 	cert = p11_index_lookup (test.index, handles[0]);
-	test_check_attrs (cu, distrust, cert);
+	test_check_attrs (distrust, cert);
 	free (handles);
-
-	teardown (cu);
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_parse_der_certificate);
-	SUITE_ADD_TEST (suite, test_parse_pem_certificate);
-	SUITE_ADD_TEST (suite, test_parse_p11_kit_persist);
-	SUITE_ADD_TEST (suite, test_parse_openssl_trusted);
-	SUITE_ADD_TEST (suite, test_parse_openssl_distrusted);
-	SUITE_ADD_TEST (suite, test_parse_anchor);
-	SUITE_ADD_TEST (suite, test_parse_thawte);
-	SUITE_ADD_TEST (suite, test_parse_invalid_file);
-	SUITE_ADD_TEST (suite, test_parse_unrecognized);
-	SUITE_ADD_TEST (suite, test_duplicate);
-	SUITE_ADD_TEST (suite, test_duplicate_priority);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_fixture (setup, teardown);
+	p11_test (test_parse_der_certificate, "/parser/parse_der_certificate");
+	p11_test (test_parse_pem_certificate, "/parser/parse_pem_certificate");
+	p11_test (test_parse_p11_kit_persist, "/parser/parse_p11_kit_persist");
+	p11_test (test_parse_openssl_trusted, "/parser/parse_openssl_trusted");
+	p11_test (test_parse_openssl_distrusted, "/parser/parse_openssl_distrusted");
+	p11_test (test_parse_anchor, "/parser/parse_anchor");
+	p11_test (test_parse_thawte, "/parser/parse_thawte");
+	p11_test (test_parse_invalid_file, "/parser/parse_invalid_file");
+	p11_test (test_parse_unrecognized, "/parser/parse_unrecognized");
+	p11_test (test_duplicate, "/parser/duplicate");
+	p11_test (test_duplicate_priority, "/parser/duplicate_priority");
+	return p11_test_run (argc, argv);
 }
diff --git a/trust/tests/test-persist.c b/trust/tests/test-persist.c
index ee73331..defeecf 100644
--- a/trust/tests/test-persist.c
+++ b/trust/tests/test-persist.c
@@ -33,8 +33,10 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-trust.h"
 
+#include 
 #include 
 #include 
 #include 
@@ -48,10 +50,8 @@
 #include "pkcs11.h"
 #include "pkcs11x.h"
 
-#include "test-data.h"
-
 static void
-test_magic (CuTest *tc)
+test_magic (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -64,10 +64,10 @@ test_magic (CuTest *tc)
 	                    "value: \"blah\"\n"
 	                    "application: \"test-persist\"\n";
 
-	CuAssertTrue (tc, p11_persist_magic ((unsigned char *)input, strlen (input)));
-	CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)input, 5));
-	CuAssertTrue (tc, p11_persist_magic ((unsigned char *)other, strlen (other)));
-	CuAssertTrue (tc, !p11_persist_magic ((unsigned char *)"blah", 4));
+	assert (p11_persist_magic ((unsigned char *)input, strlen (input)));
+	assert (!p11_persist_magic ((unsigned char *)input, 5));
+	assert (p11_persist_magic ((unsigned char *)other, strlen (other)));
+	assert (!p11_persist_magic ((unsigned char *)"blah", 4));
 }
 
 static p11_array *
@@ -94,9 +94,9 @@ args_to_array (void *arg,
 }
 
 static void
-check_read_msg (CuTest *tc,
-                const char *file,
+check_read_msg (const char *file,
                 int line,
+                const char *function,
                 const char *input,
                 p11_array *expected)
 {
@@ -108,14 +108,18 @@ check_read_msg (CuTest *tc,
 	objects = p11_array_new (p11_attrs_free);
 
 	if (p11_persist_read (persist, "test", (const unsigned char *)input, strlen (input), objects)) {
-		CuAssert_Line (tc, file, line, "decoding should have failed", expected != NULL);
+		if (expected == NULL)
+			p11_test_fail (file, line, function, "decoding should have failed");
 		for (i = 0; i < expected->num; i++) {
-			CuAssert_Line (tc, file, line, "too few objects read", i < objects->num);
-			test_check_attrs_msg (tc, file, line, expected->elem[i], objects->elem[i]);
+			if (i >= objects->num)
+				p11_test_fail (file, line, function, "too few objects read");
+			test_check_attrs_msg (file, line, function, expected->elem[i], objects->elem[i]);
 		}
-		CuAssert_Line (tc, file, line, "too many objects read", i == objects->num);
+		if (i != objects->num)
+			p11_test_fail (file, line, function, "too many objects read");
 	} else {
-		CuAssert_Line (tc, file, line, "decoding failed", expected == NULL);
+		if (expected != NULL)
+			p11_test_fail (file, line, function, "decoding failed");
 	}
 
 	p11_array_free (objects);
@@ -123,11 +127,11 @@ check_read_msg (CuTest *tc,
 	p11_array_free (expected);
 }
 
-#define check_read_success(tc, input, objs) \
-	check_read_msg (tc, __FILE__, __LINE__, input, args_to_array objs)
+#define check_read_success(input, objs) \
+	check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, args_to_array objs)
 
-#define check_read_failure(tc, input) \
-	check_read_msg (tc, __FILE__, __LINE__, input, NULL)
+#define check_read_failure(input) \
+	check_read_msg (__FILE__, __LINE__, __FUNCTION__, input, NULL)
 
 static CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
 static CK_CERTIFICATE_TYPE x509 = CKC_X_509;
@@ -137,7 +141,7 @@ static CK_BBOOL truev = CK_TRUE;
 static CK_BBOOL falsev = CK_FALSE;
 
 static void
-test_simple (CuTest *tc)
+test_simple (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -151,11 +155,11 @@ test_simple (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected, NULL));
+	check_read_success (input, (expected, NULL));
 }
 
 static void
-test_number (CuTest *tc)
+test_number (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -171,11 +175,11 @@ test_number (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected, NULL));
+	check_read_success (input, (expected, NULL));
 }
 
 static void
-test_bool (CuTest *tc)
+test_bool (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -191,11 +195,11 @@ test_bool (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected, NULL));
+	check_read_success (input, (expected, NULL));
 }
 
 static void
-test_oid (CuTest *tc)
+test_oid (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -207,11 +211,11 @@ test_oid (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected, NULL));
+	check_read_success (input, (expected, NULL));
 }
 
 static void
-test_constant (CuTest *tc)
+test_constant (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -225,11 +229,11 @@ test_constant (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected, NULL));
+	check_read_success (input, (expected, NULL));
 }
 
 static void
-test_multiple (CuTest *tc)
+test_multiple (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -252,11 +256,11 @@ test_multiple (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected1, expected2, NULL));
+	check_read_success (input, (expected1, expected2, NULL));
 }
 
 static void
-test_pem_block (CuTest *tc)
+test_pem_block (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: certificate\n"
@@ -286,11 +290,11 @@ test_pem_block (CuTest *tc)
 		{ CKA_INVALID },
 	};
 
-	check_read_success (tc, input, (expected, NULL));
+	check_read_success (input, (expected, NULL));
 }
 
 static void
-test_pem_invalid (CuTest *tc)
+test_pem_invalid (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: certificate\n"
@@ -311,13 +315,13 @@ test_pem_invalid (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 static void
-test_pem_unsupported (CuTest *tc)
+test_pem_unsupported (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: certificate\n"
@@ -327,13 +331,13 @@ test_pem_unsupported (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 static void
-test_pem_first (CuTest *tc)
+test_pem_first (void)
 {
 	const char *input = "-----BEGIN BLOCK1-----\n"
 	                    "aYNNXqshlVxCdo8QfKeXh3GUzd/yn4LYIVgQrx4a\n"
@@ -343,13 +347,13 @@ test_pem_first (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 static void
-test_skip_unknown (CuTest *tc)
+test_skip_unknown (void)
 {
 	const char *input = "[version-2]\n"
 	                    "class: data\n"
@@ -371,13 +375,13 @@ test_skip_unknown (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_success (tc, input, (expected2, NULL));
+	check_read_success (input, (expected2, NULL));
 
 	p11_message_loud ();
 }
 
 static void
-test_bad_value (CuTest *tc)
+test_bad_value (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -385,13 +389,13 @@ test_bad_value (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 static void
-test_bad_oid (CuTest *tc)
+test_bad_oid (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -399,13 +403,13 @@ test_bad_oid (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 static void
-test_bad_field (CuTest *tc)
+test_bad_field (void)
 {
 	const char *input = "[p11-kit-object-v1]\n"
 	                    "class: data\n"
@@ -413,13 +417,13 @@ test_bad_field (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 static void
-test_attribute_first (CuTest *tc)
+test_attribute_first (void)
 {
 	const char *input = "class: data\n"
 	                    "[p11-kit-object-v1]\n"
@@ -427,45 +431,30 @@ test_attribute_first (CuTest *tc)
 
 	p11_message_quiet ();
 
-	check_read_failure (tc, input);
+	check_read_failure (input);
 
 	p11_message_loud ();
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_magic);
-	SUITE_ADD_TEST (suite, test_simple);
-	SUITE_ADD_TEST (suite, test_number);
-	SUITE_ADD_TEST (suite, test_bool);
-	SUITE_ADD_TEST (suite, test_oid);
-	SUITE_ADD_TEST (suite, test_constant);
-	SUITE_ADD_TEST (suite, test_multiple);
-	SUITE_ADD_TEST (suite, test_pem_block);
-	SUITE_ADD_TEST (suite, test_pem_invalid);
-	SUITE_ADD_TEST (suite, test_pem_unsupported);
-	SUITE_ADD_TEST (suite, test_pem_first);
-	SUITE_ADD_TEST (suite, test_bad_value);
-	SUITE_ADD_TEST (suite, test_bad_oid);
-	SUITE_ADD_TEST (suite, test_bad_field);
-	SUITE_ADD_TEST (suite, test_skip_unknown);
-	SUITE_ADD_TEST (suite, test_attribute_first);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_test (test_magic, "/persist/magic");
+	p11_test (test_simple, "/persist/simple");
+	p11_test (test_number, "/persist/number");
+	p11_test (test_bool, "/persist/bool");
+	p11_test (test_oid, "/persist/oid");
+	p11_test (test_constant, "/persist/constant");
+	p11_test (test_multiple, "/persist/multiple");
+	p11_test (test_pem_block, "/persist/pem_block");
+	p11_test (test_pem_invalid, "/persist/pem_invalid");
+	p11_test (test_pem_unsupported, "/persist/pem_unsupported");
+	p11_test (test_pem_first, "/persist/pem_first");
+	p11_test (test_bad_value, "/persist/bad_value");
+	p11_test (test_bad_oid, "/persist/bad_oid");
+	p11_test (test_bad_field, "/persist/bad_field");
+	p11_test (test_skip_unknown, "/persist/skip_unknown");
+	p11_test (test_attribute_first, "/persist/attribute_first");
+	return p11_test_run (argc, argv);
 }
diff --git a/trust/tests/test-token.c b/trust/tests/test-token.c
index ffd733f..6f5ccdb 100644
--- a/trust/tests/test-token.c
+++ b/trust/tests/test-token.c
@@ -33,7 +33,8 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
+#include "test-trust.h"
 
 #include 
 #include 
@@ -43,7 +44,6 @@
 #include "debug.h"
 #include "pkcs11x.h"
 #include "message.h"
-#include "test-data.h"
 #include "token.h"
 
 struct {
@@ -51,40 +51,35 @@ struct {
 } test;
 
 static void
-setup (CuTest *cu,
-       const char *path)
+setup (void *path)
 {
 	test.token = p11_token_new (333, path, "Label");
-	CuAssertPtrNotNull (cu, test.token);
+	assert_ptr_not_null (test.token);
 }
 
 static void
-teardown (CuTest *cu)
+teardown (void *path)
 {
 	p11_token_free (test.token);
 	memset (&test, 0, sizeof (test));
 }
 
 static void
-test_token_load (CuTest *cu)
+test_token_load (void *path)
 {
 	p11_index *index;
 	int count;
 
-	setup (cu, SRCDIR "/input");
-
 	count = p11_token_load (test.token);
-	CuAssertIntEquals (cu, 7, count);
+	assert_num_eq (7, count);
 
 	/* A certificate and trust object for each parsed object + builtin */
 	index = p11_token_index (test.token);
-	CuAssertTrue (cu, ((count - 1) * 2) + 1 <= p11_index_size (index));
-
-	teardown (cu);
+	assert (((count - 1) * 2) + 1 <= p11_index_size (index));
 }
 
 static void
-test_token_flags (CuTest *cu)
+test_token_flags (void *path)
 {
 	CK_OBJECT_CLASS certificate = CKO_CERTIFICATE;
 	CK_BBOOL falsev = CK_FALSE;
@@ -178,78 +173,50 @@ test_token_flags (CuTest *cu)
 	CK_ATTRIBUTE *object;
 	int i;
 
-	setup (cu, SRCDIR "/input");
-
 	if (p11_token_load (test.token) < 0)
-		CuFail (cu, "should not be reached");
+		assert_not_reached ();
 
 	/* The other objects */
 	for (i = 0; expected[i]; i++) {
 		handle = p11_index_find (p11_token_index (test.token), expected[i], 2);
-		CuAssertTrue (cu, handle != 0);
+		assert (handle != 0);
 
 		object = p11_index_lookup (p11_token_index (test.token), handle);
-		CuAssertPtrNotNull (cu, object);
+		assert_ptr_not_null (object);
 
-		test_check_attrs (cu, expected[i], object);
+		test_check_attrs (expected[i], object);
 	}
-
-	teardown (cu);
 }
 
 static void
-test_token_path (CuTest *cu)
+test_token_path (void *path)
 {
-	setup (cu, "/wheee");
-
-	CuAssertStrEquals (cu, "/wheee", p11_token_get_path (test.token));
-
-	teardown (cu);
+	assert_str_eq (path, p11_token_get_path (test.token));
 }
 
 static void
-test_token_label (CuTest *cu)
+test_token_label (void *path)
 {
-	setup (cu, "/wheee");
-
-	CuAssertStrEquals (cu, "Label", p11_token_get_label (test.token));
-
-	teardown (cu);
+	assert_str_eq ("Label", p11_token_get_label (test.token));
 }
 
 static void
-test_token_slot (CuTest *cu)
+test_token_slot (void *path)
 {
-	setup (cu, "/unneeded");
-
-	CuAssertIntEquals (cu, 333, p11_token_get_slot (test.token));
-
-	teardown (cu);
+	assert_num_eq (333, p11_token_get_slot (test.token));
 }
 
 int
-main (void)
+main (int argc,
+      char *argv[])
 {
-	CuString *output = CuStringNew ();
-	CuSuite* suite = CuSuiteNew ();
-	int ret;
-
-	putenv ("P11_KIT_STRICT=1");
-	p11_debug_init ();
-
-	SUITE_ADD_TEST (suite, test_token_load);
-	SUITE_ADD_TEST (suite, test_token_flags);
-	SUITE_ADD_TEST (suite, test_token_path);
-	SUITE_ADD_TEST (suite, test_token_label);
-	SUITE_ADD_TEST (suite, test_token_slot);
-
-	CuSuiteRun (suite);
-	CuSuiteSummary (suite, output);
-	CuSuiteDetails (suite, output);
-	printf ("%s\n", output->buffer);
-	ret = suite->failCount;
-	CuSuiteDelete (suite);
-	CuStringDelete (output);
-
-	return ret;
+	p11_fixture (setup, teardown);
+	p11_testx (test_token_load, SRCDIR "/input", "/token/load");
+	p11_testx (test_token_flags, SRCDIR "/input", "/token/flags");
+
+	p11_fixture (setup, teardown);
+	p11_testx (test_token_path, "/wheee", "/token/path");
+	p11_testx (test_token_label, "/wheee", "/token/label");
+	p11_testx (test_token_slot, "/unneeded", "/token/slot");
+	return p11_test_run (argc, argv);
 }
diff --git a/trust/tests/test-data.c b/trust/tests/test-trust.c
similarity index 74%
rename from trust/tests/test-data.c
rename to trust/tests/test-trust.c
index 6c55fd0..6b990dc 100644
--- a/trust/tests/test-data.c
+++ b/trust/tests/test-trust.c
@@ -33,10 +33,10 @@
  */
 
 #include "config.h"
-#include "CuTest.h"
+#include "test.h"
 
 #include "attrs.h"
-#include "test-data.h"
+#include "test-trust.h"
 
 #include 
 #include 
@@ -44,9 +44,9 @@
 #include 
 
 void
-test_check_object_msg (CuTest *cu,
-                       const char *file,
+test_check_object_msg (const char *file,
                        int line,
+                       const char *function,
                        CK_ATTRIBUTE *attrs,
                        CK_OBJECT_CLASS klass,
                        const char *label)
@@ -61,13 +61,13 @@ test_check_object_msg (CuTest *cu,
 		{ CKA_INVALID },
 	};
 
-	test_check_attrs_msg (cu, file, line, expected, attrs);
+	test_check_attrs_msg (file, line, function, expected, attrs);
 }
 
 void
-test_check_cacert3_ca_msg (CuTest *cu,
-                           const char *file,
+test_check_cacert3_ca_msg (const char *file,
                            int line,
+                           const char *function,
                            CK_ATTRIBUTE *attrs,
                            const char *label)
 {
@@ -87,14 +87,14 @@ test_check_cacert3_ca_msg (CuTest *cu,
 		{ CKA_INVALID },
 	};
 
-	test_check_object_msg (cu, file, line, attrs, CKO_CERTIFICATE, label);
-	test_check_attrs_msg (cu, file, line, expected, attrs);
+	test_check_object_msg (file, line, function, attrs, CKO_CERTIFICATE, label);
+	test_check_attrs_msg (file, line, function, expected, attrs);
 }
 
 void
-test_check_id_msg (CuTest *cu,
-                   const char *file,
+test_check_id_msg (const char *file,
                    int line,
+                   const char *function,
                    CK_ATTRIBUTE *expected,
                    CK_ATTRIBUTE *attr)
 {
@@ -104,13 +104,13 @@ test_check_id_msg (CuTest *cu,
 	one = p11_attrs_find (expected, CKA_ID);
 	two = p11_attrs_find (attr, CKA_ID);
 
-	test_check_attr_msg (cu, file, line, CKA_INVALID, one, two);
+	test_check_attr_msg (file, line, function, CKA_INVALID, one, two);
 }
 
 void
-test_check_attrs_msg (CuTest *cu,
-                      const char *file,
+test_check_attrs_msg (const char *file,
                       int line,
+                      const char *function,
                       CK_ATTRIBUTE *expected,
                       CK_ATTRIBUTE *attrs)
 {
@@ -122,39 +122,31 @@ test_check_attrs_msg (CuTest *cu,
 
 	while (!p11_attrs_terminator (expected)) {
 		attr = p11_attrs_find (attrs, expected->type);
-		test_check_attr_msg (cu, file, line, klass, expected, attr);
+		test_check_attr_msg (file, line, function, klass, expected, attr);
 		expected++;
 	}
 }
 
 void
-test_check_attr_msg (CuTest *cu,
-                     const char *file,
+test_check_attr_msg (const char *file,
                      int line,
+                     const char *function,
                      CK_OBJECT_CLASS klass,
                      CK_ATTRIBUTE *expected,
                      CK_ATTRIBUTE *attr)
 {
-	char *message;
 	assert (expected != NULL);
 
 	if (attr == NULL) {
-		asprintf (&message, "expected %s but found NULL",
-		          p11_attr_to_string (expected, klass));
-		CuFail_Line (cu, file, line, "attribute does not match", message);
+		p11_test_fail (file, line, function,
+		               "attribute does not match: (expected %s but found NULL)",
+		               p11_attr_to_string (expected, klass));
 	}
 
 	if (!p11_attr_equal (attr, expected)) {
-		asprintf (&message, "expected %s but found %s",
-		          p11_attr_to_string (expected, klass),
-		          p11_attr_to_string (attr, klass));
-		CuFail_Line (cu, file, line, "attribute does not match", message);
+		p11_test_fail (file, line, function,
+		               "attribute does not match: (expected %s but found %s)",
+		               p11_attr_to_string (expected, klass),
+		               p11_attr_to_string (attr, klass));
 	}
 }
-
-void
-test_fail_attrs_match (CuTest *cu,
-                       const char *file,
-                       const char *line,
-                       CK_ATTRIBUTE *expect,
-                       CK_ATTRIBUTE *attrs);
diff --git a/trust/tests/test-data.h b/trust/tests/test-trust.h
similarity index 94%
rename from trust/tests/test-data.h
rename to trust/tests/test-trust.h
index 275dd70..672ae64 100644
--- a/trust/tests/test-data.h
+++ b/trust/tests/test-trust.h
@@ -39,50 +39,50 @@
 #ifndef TEST_DATA_H_
 #define TEST_DATA_H_
 
-#define   test_check_object(cu, attrs, klass, label) \
-	test_check_object_msg (cu, __FILE__, __LINE__, attrs, klass, label)
+#define   test_check_object(attrs, klass, label) \
+	test_check_object_msg (__FILE__, __LINE__, __FUNCTION__, attrs, klass, label)
 
-void      test_check_object_msg        (CuTest *cu,
-                                        const char *file,
+void      test_check_object_msg        (const char *file,
                                         int line,
+                                        const char *function,
                                         CK_ATTRIBUTE *attrs,
                                         CK_OBJECT_CLASS klass,
                                         const char *label);
 
-#define   test_check_cacert3_ca(cu, attrs, label) \
-	test_check_cacert3_ca_msg (cu, __FILE__, __LINE__, attrs, label)
+#define   test_check_cacert3_ca(attrs, label) \
+	test_check_cacert3_ca_msg (__FILE__, __LINE__, __FUNCTION__, attrs, label)
 
-void      test_check_cacert3_ca_msg    (CuTest *cu,
-                                        const char *file,
+void      test_check_cacert3_ca_msg    (const char *file,
                                         int line,
+                                        const char *function,
                                         CK_ATTRIBUTE *attrs,
                                         const char *label);
 
-#define   test_check_attrs(cu, expected, attrs) \
-	test_check_attrs_msg (cu, __FILE__, __LINE__, expected, attrs)
+#define   test_check_attrs(expected, attrs) \
+	test_check_attrs_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
 
-void      test_check_attrs_msg         (CuTest *cu,
-                                        const char *file,
+void      test_check_attrs_msg         (const char *file,
                                         int line,
+                                        const char *function,
                                         CK_ATTRIBUTE *expected,
                                         CK_ATTRIBUTE *attrs);
 
-#define   test_check_attr(cu, expected, attr) \
-	test_check_attr_msg (cu, __FILE__, __LINE__, CKA_INVALID, expected, attr)
+#define   test_check_attr(expected, attr) \
+	test_check_attr_msg (__FILE__, __LINE__, __FUNCTION__, CKA_INVALID, expected, attr)
 
-void      test_check_attr_msg          (CuTest *cu,
-                                        const char *file,
+void      test_check_attr_msg          (const char *file,
                                         int line,
+                                        const char *function,
                                         CK_OBJECT_CLASS klass,
                                         CK_ATTRIBUTE *expected,
                                         CK_ATTRIBUTE *attr);
 
-#define   test_check_id(cu, expected, attrs) \
-	test_check_id_msg (cu, __FILE__, __LINE__, expected, attrs)
+#define   test_check_id(expected, attrs) \
+	test_check_id_msg (__FILE__, __LINE__, __FUNCTION__, expected, attrs)
 
-void      test_check_id_msg           (CuTest *cu,
-                                       const char *file,
+void      test_check_id_msg           (const char *file,
                                        int line,
+                                       const char *function,
                                        CK_ATTRIBUTE *expected,
                                        CK_ATTRIBUTE *attr);